nginx - Hostname (SNI) missing while using nginx ingress SSL Passtrough to underlying service
问题描述
I'm trying to implement SSL Passtrough with nginx-ingress-controller
. This is my Ingress Object:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
labels:
my-label: example
name: example
namespace: example
spec:
rules:
- host: '*.example.com'
http:
paths:
- backend:
serviceName: example
servicePort: 8443
path: /
The --enable-ssl-passtrough
flag is present in the controller args.
When request is coming trough ingress controller to my underlying service I'm trying to parse the SNI to find out what domain was used to find out the certificate I should present, but the service cannot find the SNI and returns this error:
{"level":"debug","ts":1592992137.1836417,"msg":"Error getting server name","error":"No hostname"}
Does nginx-ingress-controller
remove the SNI when parsing? Or what may be the reason for such behavior?
Thanks in advance for help
解决方案
我直接联系了 nginx-ingress 开发人员,我得到的信息是这不起作用的原因是通配符域,它不受nginx-ingress
.
其他所有内容都已正确配置,并且在更改*.example.com
为特定内容(例如whatever.example.com
)时,它可以正常工作。
推荐阅读
- python - 在 Python 中从 CSV 文件中的 Urls 将图像下载到本地文件夹
- python - python/redmine 检索 custom_field 的值
- r - 在 dplyr 中每 x 行创建间隔变量
- unit-testing - 使用 Echo 路由器在 golang 中为 WS 创建单元测试
- html - 为什么从 blob 存储链接时不显示 SVG 图像?
- angular - 从库发出的 Angular HTTP 请求被忽略
- python - 如何从 Sphinx 的默认搜索中排除 RST 文件?
- vb.net - NuGet 包无法将实际的 dll.deploy 部署到 IIS
- php - Facebook/Twitter 分享链接:仅来自帖子内容的图片或 Youtube 视频
- ios - 未在 iOS 上调用父自定义渲染器