'how to proxy through nginx server to nginx ingress controller
there are two servers
- external server on it nginx server
- internal access to it only through an external server, and also k8s with nginx ingress controller is installed on it
the problem is that I can't get proxying from k8srancher.ru to rancher.k8smaster.ru to work if proxy_set_header Host $host; is in the external nginx config, then when you go to the site, the error 404 Not Found if you remove it, the site opens but does not work correctly (I can’t even log in)
tell me where and what to add so that proxying works correctly
External server code nginx server /etc/nginx/conf.d/rancher.conf
map $http_upgrade $connection_upgrade {
default Upgrade;
'' close;
}
server {
listen 80;
server_name k8srancher.ru;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name k8srancher.ru;
ssl_prefer_server_ciphers on;
ssl_session_timeout 1d;
ssl_verify_client off;
ssl_session_cache builtin:1100 shared:SSL:10m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers EECDH:+AES256:-3DES:RSA+AES:RSA+3DES:!NULL:!RC4;
ssl_certificate /etc/nginx/ssl/k8soshift.ru.pem;
ssl_certificate_key /etc/nginx/ssl/k8soshift.ru.key;
location / {
# proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://rancher.k8smaster.ru/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
ingress controller config file on back end server (kubectl edit cm -n ingress-nginx ingress-nginx-controller)
apiVersion: v1
data:
allow-snippet-annotations: "true"
use-forwarded-headers: "true"
kind: ConfigMap
metadata:
annotations:
meta.helm.sh/release-name: ingress-nginx
meta.helm.sh/release-namespace: ingress-nginx
creationTimestamp: "2022-05-01T12:17:11Z"
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.2.0
helm.sh/chart: ingress-nginx-4.1.0
name: ingress-nginx-controller
namespace: ingress-nginx
resourceVersion: "31126"
uid: 0db55f76-6e6d-45a8-8996-abc7478ebc28
file ingress rancher.k8smaster.ru (kubectl edit ingress rancher -n cattle-system)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/issuer: rancher
cert-manager.io/issuer-kind: Issuer
field.cattle.io/publicEndpoints: '[{"addresses":["10.209.40.2"],"port":443,"protocol":"HTTPS","serviceName":"cattle-system:rancher","ingressName":"cattle-system:rancher","hostname":"rancher.k8smaster.ru","allNodes":false}]'
kubernetes.io/ingress.class: nginx
meta.helm.sh/release-name: rancher
meta.helm.sh/release-namespace: cattle-system
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "Host k8srancher.ru";
more_set_headers "X-Forwarded-Proto $scheme";
more_set_headers "X-Forwarded-Port $server_port";
more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for";
more_set_headers "X-Real-IP $remote_addr";
nginx.ingress.kubernetes.io/proxy-connect-timeout: "30"
nginx.ingress.kubernetes.io/proxy-read-timeout: "1800"
nginx.ingress.kubernetes.io/proxy-send-timeout: "1800"
creationTimestamp: "2022-05-01T12:32:56Z"
generation: 1
labels:
app: rancher
app.kubernetes.io/managed-by: Helm
chart: rancher-2.6.4
heritage: Helm
release: rancher
name: rancher
namespace: cattle-system
resourceVersion: "71869"
uid: 89245b12-68f9-4e7b-a074-527505b84c73
spec:
ingressClassName: nginx
rules:
- host: rancher.k8smaster.ru
http:
paths:
- backend:
service:
name: rancher
port:
number: 80
pathType: ImplementationSpecific
tls:
- hosts:
- rancher.k8smaster.ru
secretName: tls-rancher-ingress
status:
loadBalancer:
ingress:
- ip: 10.209.40.2
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|