Comments (4)
This issue is currently awaiting triage.
If Ingress contributors determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.
The triage/accepted label can be added by org members by writing /triage accepted in a comment.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
from ingress-nginx.
/remove-kind bug
- Hoping to get some conclusive proof as data before applying the bug label
- Can you post the links to docs/references about host not being required? Asking because I think there is text out there that hosts in tls and hosts in http fields must match.
- Also I read that the server-alias implementation just copies the config of the host in a new server block, and just sets the server-block name to the value of the alias.
from ingress-nginx.
/triage needs-information
from ingress-nginx.
Hi there @longwuyuan,
First off hello and thanks for the reply!
> Can you post the links to docs/references about host not being required? Asking because I think there is text out there that hosts in tls and hosts in http fields must match.
Hi there I could not find specific documentation regarding the host not being required. In this case wouldn't the hosts and the tls hosts match on the wildcard?
> Also I read that the server-alias implementation just copies the config of the host in a new server block, and just sets the server-block name to the value of the alias.
Here is the server block with the alias created, it looks identical outside of the addition of the domain under the server_name.
```nginx
## start server test.random.bar.example
server {
    server_name test.random.bar.example test.cluster.foo.example ;

    http2 on;

    listen 80 ;
    listen [::]:80 ;
    listen 443 ssl;
    listen [::]:443 ssl;

    set $proxy_upstream_name "-";

    ssl_certificate_by_lua_block {
        certificate.call()
    }

    location / {
        set $namespace "ingress-nginx";
        set $ingress_name "test-ingress";
        set $service_name "http-svc";
        set $service_port "80";
        set $location_path "/";
        set $global_rate_limit_exceeding n;

        rewrite_by_lua_block {
            lua_ingress.rewrite({
                force_ssl_redirect = false,
                ssl_redirect = true,
                force_no_ssl_redirect = false,
                preserve_trailing_slash = false,
                use_port_in_redirects = false,
                global_throttle = { namespace = "", limit = 0, window_size = 0, key = { }, ignored_cidrs = { } },
            })
            balancer.rewrite()
            plugins.run()
        }

        # be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
        # will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
        # other authentication method such as basic auth or external auth useless - all requests will be allowed.
        #access_by_lua_block {
        #}

        header_filter_by_lua_block {
            lua_ingress.header()
            plugins.run()
        }

        body_filter_by_lua_block {
            plugins.run()
        }

        log_by_lua_block {
            balancer.log()
            plugins.run()
        }

        port_in_redirect off;

        set $balancer_ewma_score -1;
        set $proxy_upstream_name "ingress-nginx-http-svc-80";
        set $proxy_host $proxy_upstream_name;
        set $pass_access_scheme $scheme;
        set $pass_server_port $server_port;
        set $best_http_host $http_host;
        set $pass_port $pass_server_port;
        set $proxy_alternative_upstream_name "";

        client_max_body_size 1m;

        proxy_set_header Host $best_http_host;

        # Pass the extracted client certificate to the backend

        # Allow websocket connections
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_set_header X-Request-ID $req_id;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Host $best_http_host;
        proxy_set_header X-Forwarded-Port $pass_port;
        proxy_set_header X-Forwarded-Proto $pass_access_scheme;
        proxy_set_header X-Forwarded-Scheme $pass_access_scheme;
        proxy_set_header X-Scheme $pass_access_scheme;

        # Pass the original X-Forwarded-For
        proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;

        # mitigate HTTPoxy Vulnerability
        # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
        proxy_set_header Proxy "";

        # Custom headers to proxied server

        proxy_connect_timeout 5s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;

        proxy_buffering off;
        proxy_buffer_size 4k;
        proxy_buffers 4 4k;
        proxy_max_temp_file_size 1024m;
        proxy_request_buffering on;
        proxy_http_version 1.1;

        proxy_cookie_domain off;
        proxy_cookie_path off;

        # In case of errors try the next upstream server before returning an error
        proxy_next_upstream error timeout;
        proxy_next_upstream_timeout 0;
        proxy_next_upstream_tries 3;

        proxy_pass http://upstream_balancer;

        proxy_redirect off;
    }
}
## end server test.random.bar.example
```
If you add another host to the ingress rules I do see a new server block created and the certificate works as intended.
from ingress-nginx.
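An added example, not part of the thread and not ingress-nginx code: a small check that reads the names a rendered server block answers for (the host plus any alias) and reports which of them a given list of TLS hosts does not cover, using the usual rule that `*` stands for exactly one left-most DNS label. The sample config is cut down from the block posted above; the wildcard TLS host values used with it are assumptions, since the Ingress manifest is not shown in the thread.

```python
import re

# Constructed sample: marker and server_name lines taken from the block above.
RENDERED = """\
## start server test.random.bar.example
server {
    server_name test.random.bar.example test.cluster.foo.example ;
    listen 443 ssl;
}
## end server test.random.bar.example
"""

# The controller wraps each server block in "## start server X" / "## end server X".
BLOCK_RE = re.compile(r"^## start server (\S+)\n(.*?)^## end server \1$", re.M | re.S)
NAME_RE = re.compile(r"^\s*server_name\s+([^;]+);", re.M)


def server_names(conf):
    """Map each rendered server block to the names on its server_name line."""
    out = {}
    for primary, body in BLOCK_RE.findall(conf):
        m = NAME_RE.search(body)
        out[primary] = m.group(1).split() if m else []
    return out


def covers(pattern, host):
    """True if a TLS host entry covers host; '*' matches one left-most label only."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    label, _, rest = host.partition(".")
    return bool(label) and rest == pattern[2:]


def uncovered(conf, tls_hosts):
    """Per server block, the served names that no TLS host entry covers."""
    return {
        primary: [n for n in names if not any(covers(p, n) for p in tls_hosts)]
        for primary, names in server_names(conf).items()
    }


if __name__ == "__main__":
    # Assumed TLS hosts (hypothetical): only the wildcard for the rule host.
    print(uncovered(RENDERED, ["*.random.bar.example"]))
```

Run against the output of `nginx -T` from the controller pod, a non-empty list for a block means that block answers for a name that falls outside the TLS hosts you passed in.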