ingress nginx redirect from www to https

房东的猫 提交于 2021-01-29 13:58:14

问题


I'm trying to redirect http://www... and https://www... to https://... using ingress-nginx. How can I do that?

I've tried adding the following custom configuration using the annotation nginx.ingress.kubernetes.io/server-snippet and nginx.ingress.kubernetes.io/configuration-snippet:

# 1
if($host = "www.example.com") {
    return 308 https://example.com$request_uri;
}

# 2
server {
    server_name www.example.com;
    return 308 https://example.com$request_uri;
}

# 3
server_name www.example.com;
return 308 https://example.com$request_uri;

But I get an error in the nginx controller logs for #1:

2019/12/07 20:58:47 [emerg] 48898#48898: unknown directive "if($host" in /tmp/nginx-cfg775816039:418
nginx: [emerg] unknown directive "if($host" in /tmp/nginx-cfg775816039:418
nginx: configuration file /tmp/nginx-cfg775816039 test failed

For #2 I get an error that the server block is not allowed at that position and using #3 leads to infinite redirects. My ingress yaml looks like this:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-nginx
  annotations:
    kubernetes.io/ingress.class: "nginx"
    kubernetes.io/ingress.global-static-ip-name: "example-com"
    nginx.ingress.kubernetes.io/rewrite-target: "/"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "86400s"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "86400s"
    nginx.ingress.kubernetes.io/proxy-body-size: "100m"
    nginx.ingress.kubernetes.io/limit-rps: "20"
    nginx.ingress.kubernetes.io/client-max-body-size: "100m"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      # see above
spec:
  tls:
  - hosts:
      - example.com
    secretName: certificate-secret
  rules:
  - host: sub.example.com
    http:
      paths:
      - backend:
          serviceName: service-sub
          servicePort: 1234
# more subdomains here
  - host: example.com
    http:
      paths:
      - backend:
          serviceName: service-example
          servicePort: 1235
  - host: "*.example.com"
    http:
      paths:
      - backend:
          serviceName: service-example-wildcard
          servicePort: 1236

I've also tried setting the nginx.ingress.kubernetes.io/from-to-www-redirect: "true" annotation, but that leads to a different error:

2019/12/07 21:20:34 [emerg] 51558#51558: invalid server name or wildcard "www.*.example.com" on 0.0.0.0:80
nginx: [emerg] invalid server name or wildcard "www.*.example" on 0.0.0.0:80
nginx: configuration file /tmp/nginx-cfg164546048 test failed

回答1:


Ok I got it. The missing space after if fixed it. Thank you mdaniel :) Here is a working configuration that redirects anything to https://... without www:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-nginx-integration
  namespace: integration
  annotations:
    kubernetes.io/ingress.class: "nginx"
    kubernetes.io/ingress.global-static-ip-name: "example-com"
    nginx.ingress.kubernetes.io/rewrite-target: "/"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "86400s"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "86400s"
    nginx.ingress.kubernetes.io/proxy-body-size: "100m"
    nginx.ingress.kubernetes.io/limit-rps: "20"
    nginx.ingress.kubernetes.io/client-max-body-size: "100m"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      if ($host = "www.example.com") {
          return 308 https://example.com$request_uri;
      }
spec:
  tls:
  - hosts:
      - example.com
    secretName: certificate-integration-secret
  rules:
  - host: subdomain.example.com
    http:
      paths:
      - backend:
          serviceName: service-emviwiki
          servicePort: 4000
  # ... more rules, NO www here



来源:https://stackoverflow.com/questions/59230411/ingress-nginx-redirect-from-www-to-https

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!