我遇到了 nginx 中重定向过多的问题。
这是我的 yaml:
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv-mizuconecta
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
hostPath:
path: /mnt/data/mizuconecta
persistentVolumeReclaimPolicy: Retain
storageClassName: standard
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-mizuconecta
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: standard
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: php-fpm-deployment
spec:
replicas: 2
selector:
matchLabels:
app: php-fpm
template:
metadata:
labels:
app: php-fpm
spec:
containers:
- name: php-fpm
image: php:fpm-alpine
ports:
- containerPort: 9000
volumeMounts:
- mountPath: /var/www/html
name: php-storage
resources:
limits:
memory: "2Gi"
cpu: "2"
requests:
memory: "2Gi"
cpu: "1"
env:
- name: PHP_MEMORY_LIMIT
value: "2G"
- name: PHP_MAX_EXECUTION_TIME
value: "900"
- name: PHP_MAX_INPUT_TIME
value: "900"
- name: PHP_POST_MAX_SIZE
value: "200M"
- name: PHP_UPLOAD_MAX_FILESIZE
value: "200M"
- name: PHP_MAX_FILE_UPLOADS
value: "20"
- name: PHP_OPCACHE_MEMORY_CONSUMPTION
value: "128"
volumes:
- name: php-storage
persistentVolumeClaim:
claimName: pvc-mizuconecta
---
apiVersion: v1
kind: Service
metadata:
name: php-fpm-service
spec:
selector:
app: php-fpm
ports:
- protocol: TCP
port: 9000
targetPort: 9000
name: php
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-ingress
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "200m"
nginx.ingress.kubernetes.io/proxy-send-timeout: "900"
nginx.ingress.kubernetes.io/proxy-read-timeout: "900"
nginx.ingress.kubernetes.io/force-ssl-redirect: "false" # Desativar redirecionamento forçado
nginx.ingress.kubernetes.io/ssl-redirect: "false" # Desativar redirecionamento SSL
spec:
tls:
- hosts:
- mizuconecta.mizu.com.br
secretName: tls-mizu
rules:
- host: mizuconecta.mizu.com.br
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nginx-service
port:
number: 80
---
apiVersion: v1
kind: Service
metadata:
name: nginx-service
spec:
selector:
app: nginx
ports:
- protocol: TCP
port: 443
targetPort: 443
name: https
- protocol: TCP
port: 80
targetPort: 80
name: http
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
spec:
replicas: 2
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 443
- containerPort: 80
volumeMounts:
- mountPath: /var/www/html/
name: nginx-storage
- mountPath: /etc/nginx/conf.d
name: nginx-config
- mountPath: /etc/nginx/ssl
name: nginx-ssl
volumes:
- name: nginx-storage
persistentVolumeClaim:
claimName: pvc-mizuconecta
- name: nginx-config
configMap:
name: nginx-config
- name: nginx-ssl
secret:
secretName: tls-mizu
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-config
data:
default.conf: |
server {
listen 80;
server_name dominio.com
location / {
return 301 https://$host$request_uri; # Redirecionar HTTP para HTTPS
}
}
server {
listen 443 ssl;
server_name dominio.com;
ssl_certificate /etc/nginx/ssl/tls.crt;
ssl_certificate_key /etc/nginx/ssl/tls.key;
root /var/www/html;
index index.php index.html;
keepalive_timeout 900;
client_header_timeout 900;
client_body_timeout 900;
reset_timedout_connection on;
send_timeout 900;
fastcgi_buffers 8 128k;
fastcgi_buffer_size 128k;
client_max_body_size 200m;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass php-fpm-service:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
}
location ~ /\.ht {
deny all;
}
}
这里记录
root@srv-dcay01:/home/triplex/axcel/camunda/nginx/novo# kubectl 日志 -l app.kubernetes.io/name=ingress-nginx -n ingress-nginx W0605 13:40:45.294575 1 client_config.go:618] 未指定 --kubeconfig 和 --master 。 使用 inClusterConfig。 这可能行不通。 {“err”:“未找到秘密“ingress-nginx-admission””,“level”:“信息”,“msg”:“未找到秘密”,“source”:“k8s/k8s.go:229”, “时间”:“2024-06-05T13:40:45Z”} {"level":"info","msg":"创建新秘密","source":"cmd/create.go:28","time":"2024-06-05T13:40:45Z"} W0605 13:40:47.003989 1 client_config.go:618] 未指定 --kubeconfig 和 --master 。 使用 inClusterConfig。 这可能行不通。 {"level":"info","msg":"修补 webhook 配置 'ingress-nginx-admission' mutating=false, validating=true, failurePolicy=Fail","source":"k8s/k8s.go:118" ,“时间”:“2024-06-05T13:40:47Z”} {"level":"info","msg":"修补钩子","source":"k8s/k8s.go:138","time":"2024-06-05T13:40:47Z" } 177.91.216.253 - - [05/Jun/2024:17:31:15 +0000]“GET / HTTP/2.0”301 169“-”“Mozilla/5.0(Windows NT 10.0;Win64;x64;rv:126.0)Gecko /20100101 Firefox/126.0" 25 0.001 [default-nginx-service-80] [] 10.244.0.72:80 169 0.000 301 6da273aec3981569189b28d0c6fcdca1 177.91.216.253 - - [05/Jun/2024:17:31:15 +0000]“GET / HTTP/2.0”301 169“-”“Mozilla/5.0(Windows NT 10.0;Win64;x64;rv:126.0)Gecko /20100101 Firefox/126.0" 25 0.000 [default-nginx-service-80] [] 10.244.0.73:80 169 0.001 301 d2ea029c296d20e14c8c0e0d33df38bd 177.91.216.253 - - [05/Jun/2024:17:31:15 +0000]“GET / HTTP/2.0”301 169“-”“Mozilla/5.0(Windows NT 10.0;Win64;x64;rv:126.0)Gecko /20100101 Firefox/126.0" 25 0.001 [default-nginx-service-80] [] 10.244.0.72:80 169 0.000 301 a710973ce9605404331cd90809e8ac8e 177.91.216.253 - - [05/Jun/2024:17:31:15 +0000]“GET / HTTP/2.0”301 169“-”“Mozilla/5.0(Windows NT 10.0;Win64;x64;rv:126.0)Gecko /20100101 Firefox/126.0" 25 0.001 [default-nginx-service-80] [] 10.244.0.73:80 169 0.000 301 d93c46f009661489e90fa49dd725c4b5 177.91.216.253 - - [05/Jun/2024:17:31:15 +0000]“GET / HTTP/2.0”301 169“-”“Mozilla/5.0(Windows NT 10.0;Win64;x64;rv:126.0)Gecko /20100101 Firefox/126.0" 25 0.000 [default-nginx-service-80] [] 10.244.0.72:80 169 0.001 301 ad478864c45f1ce80ef1ccbdb2488bac 177.91.216.253 - - [05/Jun/2024:17:31:15 +0000]“GET / HTTP/2.0”301 169“-”“Mozilla/5.0(Windows NT 10.0;Win64;x64;rv:126.0)Gecko /20100101 Firefox/126.0" 25 0.000 [default-nginx-service-80] [] 10.244.0.73:80 169 0.001 301 679677a9b59e8af63f849dad3c9e30c8 177.91.216.253 - - [05/Jun/2024:17:31:15 +0000]“GET / HTTP/2.0”301 169“-”“Mozilla/5.0(Windows NT 10.0;Win64;x64;rv:126.0)Gecko /20100101 Firefox/126.0" 25 0.001 [default-nginx-service-80] [] 10.244.0.72:80 169 0.000 301 497c168e753c701b3b05eabba9d98840 177.91.216.253 - - [05/Jun/2024:17:31:15 +0000]“GET / HTTP/2.0”301 169“-”“Mozilla/5.0(Windows NT 10.0;Win64;x64;rv:126.0)Gecko /20100101 Firefox/126.0" 25 0.001 [default-nginx-service-80] [] 10.244.0.73:80 169 0.000 301 d37e2cf2669d0d5abe2aeed5dc022547 177.91.216.253 - - [05/Jun/2024:17:31:15 +0000]“GET / HTTP/2.0”301 169“-”“Mozilla/5.0(Windows NT 10.0;Win64;x64;rv:126.0)Gecko /20100101 Firefox/126.0" 25 0.001 [default-nginx-service-80] [] 10.244.0.72:80 169 0.000 301 062146bc5b1af98799122eb99712837c 177.91.216.253 - - [05/Jun/2024:17:31:15 +0000]“GET / HTTP/2.0”301 169“-”“Mozilla/5.0(Windows NT 10.0;Win64;x64;rv:126.0)Gecko /20100101 Firefox/126.0" 25 0.001 [default-nginx-service-80] [] 10.244.0.73:80 169 0.000 301 627f7c25260b729b52fa24d726fac688 root@srv-dcay01:/home/triplex/axcel/camunda/nginx/novo# ^C
我已经尝试更改 configmap 和 ingress 设置,但要么显示我正在使用 http 而不是 https,要么它提供了太多重定向
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv-mizuconecta
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
hostPath:
path: /mnt/data/mizuconecta
persistentVolumeReclaimPolicy: Retain
storageClassName: standard
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-mizuconecta
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: standard
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx
data:
nginx.conf: |
server {
listen 80;
listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/nginx/ssl/tls.crt;
ssl_certificate_key /etc/nginx/ssl/tls.key;
keepalive_timeout 900;
client_header_timeout 900;
client_body_timeout 900;
reset_timedout_connection on;
send_timeout 900;
fastcgi_buffers 8 128k;
fastcgi_buffer_size 128k;
client_max_body_size 200m;
access_log off;
root /var/www/html;
index index.php;
server_name mizuconecta.mizu.com.br;
server_tokens off;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass php-app:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-ingress
spec:
tls:
- hosts:
- mizuconecta.mizu.com.br
secretName: tls-mizu
rules:
- host: mizuconecta.mizu.com.br
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nginx-service
port:
number: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
labels:
app: nginx
layer: frontend
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx
ports:
- containerPort: 80
- containerPort: 443
volumeMounts:
- mountPath: /var/www/html/
name: contents
- name: nginx-config
mountPath: /etc/nginx/conf.d/default.conf
subPath: nginx.conf
- name: tls-secret
mountPath: /etc/nginx/ssl
readOnly: true
volumes:
- name: contents
persistentVolumeClaim:
claimName: pvc-mizuconecta
- name: nginx-config
configMap:
name: nginx
- name: tls-secret
secret:
secretName: tls-mizu
---
apiVersion: v1
kind: Service
metadata:
name: nginx-service
spec:
selector:
app: nginx
ports:
- protocol: TCP
port: 80
targetPort: 80
name: http
- protocol: TCP
port: 443
targetPort: 443
name: https
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: php-app
labels:
app: php-app
layer: backend
spec:
replicas: 1
selector:
matchLabels:
app: php-app
template:
metadata:
labels:
app: php-app
spec:
containers:
- name: php-app
image: php:fpm-alpine
ports:
- containerPort: 9000
volumeMounts:
- mountPath: /var/www/html/
name: contents
env:
- name: PHP_MEMORY_LIMIT
value: "2G"
- name: PHP_MAX_EXECUTION_TIME
value: "900"
- name: PHP_MAX_INPUT_TIME
value: "900"
- name: PHP_POST_MAX_SIZE
value: "200M"
- name: PHP_UPLOAD_MAX_FILESIZE
value: "200M"
- name: PHP_MAX_FILE_UPLOADS
value: "20"
- name: PHP_OPCACHE_MEMORY_CONSUMPTION
value: "128"
volumes:
- name: contents
persistentVolumeClaim:
claimName: pvc-mizuconecta
---
apiVersion: v1
kind: Service
metadata:
name: php-app
labels:
app: php-app
layer: backend
spec:
type: ClusterIP
selector:
app: php-app
ports:
- port: 9000
targetPort: 9000
name: php
这个图表有效