通过Apache配置Spinnaker HTTPS
我的Spinnaker运行在Kubernetes中,服务类型为: LoadBalancer,并在下面添加了azure注释,以获取内部子网私有ip地址以在内部公开服务。
annotations:
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
service.beta.kubernetes.io/azure-load-balancer-internal-subnet: subnetName我有一个安装了Apache的ubuntu虚拟机。在apache配置中创建自签名证书并终止,我可以使用HTTPS访问apache主页。
然后,我已经为Spinnaker服务IP地址创建了代理规则。基本上,我想从Apache HTTPS -->访问Spinnaker,以便在内部向kubernetes服务发送HTTP流量。
以下是Apache配置:
xxxx@xxxx:/etc/apache2/sites-available$ ls -ltrh
total 28K
-rw-r--r-- 1 root root 1332 Jul 16 18:14 000-default.conf
-rw-r--r-- 1 root root 6338 Jul 16 18:14 default-ssl.conf
drwxr-xr-x 2 root root 4096 Dec 12 17:24 abc
-rw-r--r-- 1 root root 680 Dec 12 13:04 abc.conf
drwxr-xr-x 2 root root 4096 Dec 12 14:29 xyz
-rw-r--r-- 1 root root 1151 Dec 12 13:08 xyz.conf
cat abc/00-redirect-to-https.conf
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^spinnaker$ / [L,R=302]
cat abc.conf
<VirtualHost *:80>
ServerAdmin webmaster@localhost
LogLevel warn
ErrorLog ${APACHE_LOG_DIR}/abc_error.log
CustomLog ${APACHE_LOG_DIR}/abc_access.log combined
<IfModule mod_headers.c>
RequestHeader unset X-Forwarded-For
RequestHeader unset X-Forwarded-Host
RequestHeader unset X-Forwarded-Server
RequestHeader set X-Forwarded-Proto "http"
RequestHeader set X-Forwarded-Port "80"
</IfModule>
# Apache will try to set application/json based on mime type
# This behaviour casing problems with empty json responses from spring
RemoveType json
Include sites-available/abc/*.conf
</VirtualHost>
cat xyz/00-spinnaker.conf
ProxyPass /spinnaker balancer://spinnaker
ProxyPassReverse /spinnaker balancer://spinnaker
ProxyRequests Off
AllowEncodedSlashes NoDecode
<Proxy balancer://spinnaker>
BalancerMember http://172.18.1.99:9000/spinnaker loadfactor=1 keepalive=On retry=0
ProxySet lbmethod=bytraffic
</Proxy>
cat xyz.conf
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName FQDN
LogLevel warn
ErrorLog ${APACHE_LOG_DIR}/xyz_error.log
CustomLog ${APACHE_LOG_DIR}/xyz_access.log combined
<IfModule mod_headers.c>
RequestHeader unset X-Forwarded-For
RequestHeader unset X-Forwarded-Host
RequestHeader unset X-Forwarded-Server
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
</IfModule>
SSLEngine on
SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/apache2/certs/ca.cert
SSLCertificateKeyFile /etc/apache2/certs/ca.key
# Apache will try to set application/json based on mime type
# This behaviour casing problems with empty json responses from spring
RemoveType json
Include sites-available/xyz/*.conf
</VirtualHost>如果我在浏览器https://apacheServerDomainName/spinnaker中请求这个url,那么它会重定向到spinnaker内部,但如果我想在spinnaker中访问任何其他页面,比如点击项目、应用程序等,那么它将不起作用,因为url将更改为https://apacheServerDomainName/applications,这将提供404,因为它假定从本地ubuntu apache服务器获取页面,而请求也应该重定向并从spinnaker响应。
请说明哪种apache rewrite rule可以帮助实现此要求或任何其他建议。
回答 1
Stack Overflow用户
发布于 2020-01-07 15:43:08
请按照以下步骤操作
- 为Spinnaker部署nginx入口controller
- Define入口规则将TLS证书包含在秘密
- Nginx控制器将执行TLS终止,允许通过HTTPS
进行外部连接
https://stackoverflow.com/questions/59623938
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号