[英]How can i configure ingress and nginx ingress controller to send http traffic to port 80 and https traffic to 443 port, with the same host and path
[英]NGINX is forwarding HTTPS-traffic on some url's incorrectly to HTTP on port 443
這是一個 Docker 容器,NGINX 和 Jenkins 在同一個容器中,與 supervisord 一起運行。 Docker 容器在 AWS ECS 中的 ELB 后面運行。
NGINX 應該將流量從 http://jenkins 轉發到 https://jenkins。
會發生什么流量:
https://jenkins/computer/ --> 轉到 https ✅
https://jenkins/computer --> 轉到 http 和端口 443 ❌
配置:
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
root /var/www/;
index index.html index.htm;
client_max_body_size 10M;
server_name jenkins;
ignore_invalid_headers off;
location / {
allow vpnip/32;
deny all;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Fix the "It appears that your reverse proxy set up is broken" error.
proxy_pass http://127.0.0.1:8080;
proxy_read_timeout 90;
proxy_redirect http://127.0.0.1:8080 https://jenkins;
proxy_http_version 1.1;
proxy_request_buffering off;
proxy_buffering off; # Required for HTTP-based CLI to work over SSL
if ($http_x_forwarded_proto != "https") {
rewrite ^(.*)$ https://$server_name$1 permanent;
}
}
Output:
https://jenkins/computer
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
302 Found
Date: Tue, 21 Jul 2020 13:35:47 GMT
Location: http://jenkins:443/computer/
Server: nginx
X-Content-Type-Options: nosniff
Content-Length: 0
Connection: keep-alive
發生這種情況的原因可能是什么?
我在同一個容器中使用nginx
和python/gunicon
(生產Flask
服務),在我看來,您的配置比您需要的要復雜得多
這就是我所擁有的
http {
.... [other stuff] ....
upstream my_servers {
server unix:/ram/gunicon_1.sock;
server unix:/ram/gunicon_2.sock;
}
server {
listen 800 ssl;
server_name localhost;
ssl_certificate certkey.pem;
ssl_certificate_key certkey.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://my_servers;
}
}
在這個設置中,我在兩個不同的 unix gunicorn
上運行兩個 gunicorn 實例,並讓nginx
在它們之間進行負載平衡(循環)。
如果 unix 套接字上只有一個 Jenkins 實例,則可以
proxy_pass http://unix:/ram/my_socket.sock;
或者一個 IP 地址,無論您正在運行 Jenkins。
如果您有很多連接/斷開連接周期,unix 插座比 TCP 插座更有效。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.