Mar*_*ust 8 ssl proxy nginx meteor kubernetes
我在Google Cloud上使用Kubernetes部署了Meteor应用程序,配置了Nginx作为SSL终止.一切正常.
但是,似乎如果两个不同的客户端连接到两个不同的SSL容器,则更新不会在相应的应用程序上显示最多10秒,这使得Websockets看起来不起作用,但轮询正在生效.我已确认所有客户端都与Websockets连接,但由于更新不会立即传播,因此Nginx可能未配置为与Meteor应用程序正确通信.
这是我的SSL/Nginx服务:
apiVersion: v1
kind: Service
metadata:
name: frontend-ssl
labels:
name: frontend-ssl
spec:
ports:
- name: http
port: 80
targetPort: 80
- name: https
port: 443
targetPort: 443
selector:
name: frontend-ssl
type: LoadBalancer
loadBalancerIP: 123.456.123.456
sessionAffinity: ClientIP
这是流星服务:
apiVersion: v1
kind: Service
metadata:
name: frontend
labels:
name: frontend
spec:
ports:
- port: 3000
targetPort: 3000
selector:
name: flow-frontend
type: LoadBalancer
loadBalancerIP: 123.456.123.456
sessionAffinity: ClientIP
对于SSL终止,我使用Kubernetes建议的SSL设置与Websockets添加分开https://github.com/markoshust/nginx-ssl-proxy
在您的 NginX 配置中,您是否确保ip_hash每次都使用该标志将 Websocket 定向到同一服务器?您还需要确保转发 websocket Upgrade 标头:
upstream meteorapp{
ip_hash;
server hostname:port
}
server {
# your server stuff here
#
location / {
proxy_pass http://meteorapp;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_redirect http:// $scheme://;
}
}
| 归档时间: |
|
| 查看次数: |
825 次 |
| 最近记录: |