在nginx-config.yaml中设置HTTP到HTTPS重定向(在AWS ELB + NGINX in中终止SSL以进行路由)

Question

我想重定向HTTP调用-> HTTPS，但我无法让它工作。我在StackOverflow和其他博客上搜索并尝试了不同的解决方案，但没有进行重定向。当前，HTTP和HTTPS都返回值。在下面的代码注释中，您可以看到其中一种解决方案尝试过:将HTTP8080更改为8080，并在nginx-config.yaml中设置为侦听8080并返回301https://$host$request_uri；

图片: nginx/ Nginx -ingress:1.7.0。安装清单(https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/)

部署

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-ingress
  namespace: nginx-ingress
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx-ingress
  template:
    metadata:
      labels:
        app: nginx-ingress
      # annotations:
        #prometheus.io/scrape: "true"
        #prometheus.io/port: "9113"
    spec:
      serviceAccountName: nginx-ingress
      containers:
      - image: nginx/nginx-ingress:1.7.0
        name: nginx-ingress
        ports:
        - name: http
          containerPort: 80
        - name: https
          containerPort: 443
       #- name: prometheus
         #containerPort: 9113
        securityContext:
          allowPrivilegeEscalation: true
          runAsUser: 101 #nginx
          capabilities:
            drop:
            - ALL
            add:
            - NET_BIND_SERVICE
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        args:
          - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config
          - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret
         #- -v=3 # Enables extensive logging. Useful for troubleshooting.
         #- -report-ingress-status
         #- -external-service=nginx-ingress
         #- -enable-leader-election
         #- -enable-prometheus-metrics
         #- -global-configuration=$(POD_NAMESPACE)/nginx-configuration

服务

apiVersion: v1
kind: Service
metadata:
  name: nginx-ingress
  namespace: nginx-ingress
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:xxxxxxxxxxxxxxxxx"
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
spec:
  type: LoadBalancer
  ports:
  - port: 80
    targetPort: 80
    # targetPort: 8080
    protocol: TCP
    name: http
  - port: 443
    targetPort: 80
    protocol: TCP
    name: https
  selector:
    app: nginx-ingress

ConfigMap

kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-config
  namespace: nginx-ingress
data:
  proxy-protocol: "True"
  real-ip-header: "proxy_protocol"
  set-real-ip-from: "0.0.0.0/0"


# kind: ConfigMap
# apiVersion: v1
# metadata:
#   name: nginx-config
#   namespace: nginx-ingress
# data:
#   proxy-protocol: "True"
#   real-ip-header: "proxy_protocol"
#   set-real-ip-from: "0.0.0.0/0"
#   force-ssl-redirect: "false"
#   use-forwarded-headers: "true"
#   http-snippet: |
#     server {
#       listen 8080 proxy_protocol;
#       server_tokens off;
#       return 301 https://$host$request_uri;
#     }

Answer 1

在入口添加以下注释，为所有传入HTTP通信量设置无条件301重定向规则，以强制通过HTTPS输入流量。

ingress.kubernetes.io/ssl-redirect: "true"