I used helm to install ingress-nginx version below
sources:
- https://github.com/kubernetes/ingress-nginx
version: 4.8.0
When I use the following configuration, I can connect to my website normally, but when I add the host and SSL, it doesn't work. Please see the second section
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-ingress-lb
namespace: dev-frontend
annotations:
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "server: angusitlab";
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "X-Frame-Options: DENY";
more_set_headers "X-Xss-Protection: 1";
nginx.ingress.kubernetes.io/enable-modsecurity: "true"
nginx.ingress.kubernetes.io/enable-owasp-core-rules: "true"
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/modsecurity-snippet: |
SecRuleEngine On
SecDebugLog /tmp/modsec_debug.log
SecRuleRemoveById 949110
nginx.ingress.kubernetes.io/whitelist-source-range: "0.0.0.0/0"
# # {{auth_type}}
# # {{auth_secret}}
spec:
ingressClassName: nginx-angusitlab
tls:
- hosts:
- www.angusitlab.com
secretName: http-secret-dev
rules:
- http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: dev-nginx
port:
number: 80
When I add the host and use certificates, I can't establish a connection no matter what I try.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: dev-nginx-ingress-lb
namespace: dev-frontend
annotations:
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "server: angusitlab";
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "X-Frame-Options: DENY";
more_set_headers "X-Xss-Protection: 1";
nginx.ingress.kubernetes.io/enable-modsecurity: "true"
nginx.ingress.kubernetes.io/enable-owasp-core-rules: "true"
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/modsecurity-snippet: |
SecRuleEngine On
SecDebugLog /tmp/modsec_debug.log
SecRuleRemoveById 949110
nginx.ingress.kubernetes.io/whitelist-source-range: "0.0.0.0/0"
# # {{auth_type}}
# # {{auth_secret}}
spec:
ingressClassName: nginx-angusitlab
tls:
- hosts:
- www.angusitlab.com
secretName: http-secret-dev
rules:
- host: www.angusitlab.com
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: dev-nginx
port:
number: 80
- path: /zh-hk/blog.*
pathType: ImplementationSpecific
backend:
service:
name: blog-wordpress
port:
number: 8081
- path: /en-us/blog.*
pathType: ImplementationSpecific
backend:
service:
name: blog-wordpress
port:
number: 8081
- path: /zh-hk/wp-.*
pathType: ImplementationSpecific
backend:
service:
name: blog-wordpress
port:
number: 8081
- path: /en-us/wp-.*
pathType: ImplementationSpecific
backend:
service:
name: blog-wordpress
port:
number: 8081
- path: /wp-.*
pathType: ImplementationSpecific
backend:
service:
name: blog-wordpress
port:
number: 8081
keep getting this result....
curl -k -v https://www.angusitlab.com
* Trying 20.239.2.101:443...
I tried rebuilding the AKS cluster, but even with the 4.8.3 version, it's still not working. I'm quite confused... please help!
I found if I apply an ingress with no host and deployment in default namespace, host www.angusitlab.com it will work normally... it might be an nginx config ....issue but I can not figure out why it is.
Ingress:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: hello-world-ingress
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
ingressClassName: nginx-471
rules:
- http:
paths:
- path: /hello-world-one(/|$)(.*)
pathType: Prefix
backend:
service:
name: aks-helloworld-one
port:
number: 80
- path: /hello-world-two(/|$)(.*)
pathType: Prefix
backend:
service:
name: aks-helloworld-two
port:
number: 80
- path: /(.*)
pathType: Prefix
backend:
service:
name: aks-helloworld-one
port:
number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: hello-world-ingress-static
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/rewrite-target: /static/$2
spec:
ingressClassName: nginx
rules:
- http:
paths:
- path: /static(/|$)(.*)
pathType: Prefix
backend:
service:
name: aks-helloworld-one
port:
number: 80
Services and Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: aks-helloworld-one
spec:
replicas: 1
selector:
matchLabels:
app: aks-helloworld-one
template:
metadata:
labels:
app: aks-helloworld-one
spec:
containers:
- name: aks-helloworld-one
image: mcr.microsoft.com/azuredocs/aks-helloworld:v1
ports:
- containerPort: 80
env:
- name: TITLE
value: "Welcome to Azure Kubernetes Service (AKS)"
---
apiVersion: v1
kind: Service
metadata:
name: aks-helloworld-one
spec:
type: ClusterIP
ports:
- port: 80
selector:
app: aks-helloworld-one