stackoom
  简体   繁体   中英

Kubernetes/Ingress/TLS - block access with IP Address in URL

 原文  2021-05-05 08:49:40       ssl/ kubernetes

Question

A pod is accessible via nginx-ingress and https://FQDN. That works well with the configured public certificates. But if someone uses https://IP_ADDRESS - he will get a certificate error because of the default "Kubernetes Fake Certificate". Is it possible to block access completely using the IP_ADDRESS url?

1 answers

solution1
 0  2021-05-05 09:12:13

I think you would first need the TLS handshake to complete, before Nginx could deny the access.

On the other hand, HAproxy may be able to close the connection while checking the ServerName. Say setting some ACL in your https frontend, routing applications to their backends. Though I'm not sure this would be doable unless mounting a custom HAproxy configuration template into your ingress controller.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Kubernetes ingress tls Kubernetes Ingress not working with Traefik and TLS Kubernetes NGINX Ingress TLS issue Kubernetes nginx-ingress TLS issue Securing connections from ingress to services in Kubernetes with TLS Kubernetes Ingress TLS not being created with headless service Supporting wildcard domains for TLS: Kubernetes Ingress on GKE Remote IP based SSL in Kubernetes Ingress Kubernetes TLS Ingress route with cert-manager and SelfSigned ClusterIssuer not working Which Kubernetes ingress "wins" (tls and multiple ingresses for same host)?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM