
TCP exposed service in an Ingress Nginx works with ssl?

If I have a backend implementation for TLS, does Ingress NGINX expose it correctly?

I'm exposing an MQTT service through an Ingress NGINX with the following configuration:

ConfigMap:

---

apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-ingress-tcp-microk8s-conf
  namespace: ingress
#Add the service we want to expose
data:
  1883: "default/mosquitto-broker:1883"

DaemonSet:

---
apiVersion: apps/v1
kind: DaemonSet
   ...
spec:
  selector:
    matchLabels:
      name: nginx-ingress-microk8s
  template:
    metadata:
   ...
    spec:
      ...
        ports:
        - containerPort: 80
        - containerPort: 443
#Add the service we want to expose
        - name: prx-tcp-1883
          containerPort: 1883
          hostPort: 1883
          protocol: TCP
        args:
        - /nginx-ingress-controller
        - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf
        - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf
        - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf
        $DEFAULT_CERT
        $EXTRA_ARGS

I have configured the MQTT broker to use TLS in the backend. When I run the broker on my machine, outside the Kubernetes cluster, Wireshark detects the messages as TLS, and it doesn't show anything about MQTT.

However, if I run the broker inside the cluster, it shows that I'm using MQTT, and nothing about TLS. But the messages aren't read correctly.

And finally, if I run the MQTT broker inside the cluster without TLS, Wireshark correctly detects the MQTT packets.

My question is: Is the connection encrypted when I use TLS inside the cluster? It's true that Wireshark doesn't show the content of the packets, but it knows I'm using MQTT. Maybe it's because the headers aren't encrypted, but the payload is? Does anyone know exactly?

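The problem was that I was running TLS MQTT on port 8883, as the documentation recommends (standard MQTT is not on port 1883), but Wireshark did not recognize this port as an MQTT port, so the format shown by Wireshark was somewhat broken.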
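An added example, not part of the original post: since the protocol label Wireshark showed here depended on the port, a check on the first client-to-server bytes of the stream settles whether it is TLS or plaintext MQTT. The function names and the sample byte strings are constructed for illustration.

```python
# Added example: classify the first client-to-server bytes of a TCP stream by
# content instead of by port number. Sample byte strings below are constructed.
TLS_HANDSHAKE = 0x16   # TLS record content type "handshake"
MQTT_CONNECT = 0x10    # MQTT fixed header: packet type 1 (CONNECT), flags 0


def mqtt_remaining_length(data, offset=1):
    """Decode MQTT's variable-length 'remaining length'; return (value, next_offset)."""
    value, shift = 0, 0
    for i in range(offset, min(offset + 4, len(data))):
        value |= (data[i] & 0x7F) << shift
        if not data[i] & 0x80:          # high bit clear: last length byte
            return value, i + 1
        shift += 7
    raise ValueError("truncated or malformed remaining length")


def classify_first_bytes(data):
    """Return 'tls', 'mqtt-plaintext' or 'unknown' for the first client payload."""
    if len(data) >= 5 and data[0] == TLS_HANDSHAKE and data[1] == 0x03 and data[2] <= 0x04:
        record_len = int.from_bytes(data[3:5], "big")
        if 0 < record_len <= 16384:     # a plaintext TLS record holds at most 2^14 bytes
            return "tls"
    if data and data[0] == MQTT_CONNECT:
        try:
            _, pos = mqtt_remaining_length(data)
        except ValueError:
            return "unknown"
        # The CONNECT variable header starts with a length-prefixed protocol name.
        name_len = int.from_bytes(data[pos:pos + 2], "big")
        name = data[pos + 2:pos + 2 + name_len]
        if name in (b"MQTT", b"MQIsdp"):   # MQTT 3.1.1/5.0 and MQTT 3.1
            return "mqtt-plaintext"
    return "unknown"


# Constructed samples (not taken from the captures in the question).
SAMPLE_TLS = bytes.fromhex("16030100c8") + b"\x01\x00\x00\xc4\x03\x03"
SAMPLE_MQTT = (bytes([0x10, 0x10, 0x00, 0x04]) + b"MQTT"
               + bytes([0x04, 0x02, 0x00, 0x3C, 0x00, 0x04]) + b"test")

if __name__ == "__main__":
    for label, sample in (("tls sample", SAMPLE_TLS), ("mqtt sample", SAMPLE_MQTT)):
        print(label, "->", classify_first_bytes(sample))
```

A stream that classifies as `tls` is encrypted from its first record, whatever protocol name the capture tool prints for that port.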
