Adh*_*h M 10 sockets nginx amazon-web-services kubernetes amazon-eks
我一直在尝试在 AWS EKS 集群中运行一些服务。我按照 ingress-nginx 指南使用 AWS ACM 证书获取 https
在入口控制器使用 tls 终止
我为每个服务使用了 3 条路线作为
adminer.xxxx.com - 指向一个管理员服务
socket.xxxx.com - 指向 nodejs 编写的 wss 服务
service.xxxx.com - 指向返回连接到套接字 url 的页面的程序
没有 TLS 终止,在 http:// 中一切正常,ws://socket.xxxx.com/socket.io连接并响应良好。
当我添加 TLS 时,请求转到wss://socket.xxxx.com/socket.io并且 nginx 返回 400。我不知道为什么会发生这种情况。
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-service
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/proxy-body-size: 100m
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $http_host;
# nginx.ingress.kuberenetes.io/use-regex: "true"
spec:
rules:
- host: adminer.xxxx.com
http:
paths:
- path: /
backend:
serviceName: adminer-svc
servicePort: 8080
- host: socket.xxxx.com
http:
paths:
- path: /
backend:
serviceName: nodejs-svc
servicePort: 2020
- host: service.xxxx.com
http:
paths:
- path: /
backend:
serviceName: django-svc
servicePort: 8000
我试过有和没有这些配置
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $http_host;
我也尝试将socket.xxxx.com更改为service.xxxx.com并分配为转发给/socket.io路径
我还在 nodejs 中放置了一个带有 express 的 url 来测试它是否正常工作,并且它在 https:// 中正确响应
只有 wss:// 有问题。
PS:当在具有 nginx 配置的普通系统中设置 nginx 时,整个服务都可以工作
location / {
proxy_pass http://localhost:2020/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
我也尝试过这样的请求
https://node-socket.xxxx.com/socket.io/?EIO=3&transport=polling这有效
https://node-socket.xxxx.comsocket.io/?EIO=3&transport=websocket这不是。
我试过的组合
protocol, balancer, backendproto, transport => result
wss://, ELB, TCP, websocket => 400
wss://, NLB, TCP, websocket => 400
wss://, ELB, HTTP, websocket => 400
wss://, NLB, HTTP, websocket => 400
ws://, ELB, TCP, websocket => 400
ws://, ELB, HTTP, websocket => 400
ws://, NLB, TCP, websocket => 400
ws://, NLB, HTTP, websocket => 400
投票在每种情况下都有效
你似乎失踪了
nginx.org/websocket-services
注解
它的值应该是 kubernetes 服务名称的值。请参阅https://docs.nginx.com/nginx-ingress-controller/configuration/ingress-resources/advanced-configuration-with-annotations/
| 归档时间: |
|
| 查看次数: |
1893 次 |
| 最近记录: |