Ingress-nginx随记:修订间差异
(创建页面,内容为“Ingress nginx annotation doc https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/ === Lua 相关 === nginx 原生是不支持Lua的, Ingress nginx能用lua是因为引用了 [https://github.com/openresty/lua-nginx-module openresty/lua-nginx-module] 需要特别注意的是 ''<code>rewrite_by_lua_block</code>'' always runs ''after'' the standard ngx_http_rewrite_module. -- TO DO -- 分类:Ingress 分类:K8s”) |
小无编辑摘要 |
||
(未显示同一用户的4个中间版本) | |||
第2行: | 第2行: | ||
https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/ | https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/ | ||
=== UseForwardedHeaders (configmap配置键: use-forwarded-headers, default: false) === | |||
https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#use-forwarded-headers | |||
* If true, NGINX passes the incoming `X-Forwarded-*` headers to upstreams. Use this option when NGINX is behind another L7 proxy / load balancer that is setting these headers. | |||
* If false, NGINX ignores incoming <code>X-Forwarded-*</code> headers, filling them with the request information it sees. Use this option if NGINX is exposed directly to the internet, or it's behind a L3/packet-based load balancer that doesn't alter the source IP in the packets. | |||
当 use_forwarded_headers 开启后, <code>x-forwarded-proto</code> 及 <code>x-forwarded-port</code> 及 <code>x-forwarded-host</code> header将会被传递到后端。 | |||
且由于 ''<code>rewrite_by_lua_block</code>'' 是在 <code>ngx_http_rewrite_module</code> 之后运行的(set 指令位于ngx_http_rewrite_module),所以我们可以结合 Ingress-Nginx 的 annotation 实现对 hosts 字段的修改 | |||
例如在ingress cr中利用以下的 annotation,这样假设到 ingress 中的请求,带有 Name 为 realdomain 的 cookie,那么该请求的 <code>hosts</code> 及 <code>x-forwarded-host</code> 就会被改写为 realdomain 相应的值,然后再转发给相应的 Backend | |||
annotations: | |||
nginx.ingress.kubernetes.io/configuration-snippet: | | |||
if ($cookie_realdomain != "") { | |||
set $http_x_forwarded_host $cookie_realdomain; | |||
} | |||
以下以 ingress-nginx-controller v0.49.3版本为例: | |||
Ingress-Nginx 中 Lua 关联实现如下: | |||
-- rewrite gets called in every location context. | |||
-- This is where we do variable assignments to be used in subsequent | |||
-- phases or redirection | |||
function _M.rewrite(location_config) | |||
ngx.var.pass_access_scheme = ngx.var.scheme | |||
ngx.var.best_http_host = ngx.var.http_host or ngx.var.host | |||
if config.use_forwarded_headers then | |||
-- trust http_x_forwarded_proto headers correctly indicate ssl offloading | |||
if ngx.var.http_x_forwarded_proto then | |||
ngx.var.pass_access_scheme = ngx.var.http_x_forwarded_proto | |||
end | |||
if ngx.var.http_x_forwarded_port then | |||
ngx.var.pass_server_port = ngx.var.http_x_forwarded_port | |||
end | |||
-- Obtain best http host | |||
if ngx.var.http_x_forwarded_host then | |||
ngx.var.best_http_host = parse_x_forwarded_host() | |||
end | |||
end | |||
........... | |||
关联的渲染后的 Nginx conf 如下: | |||
[[文件:Ingress-nginx-configuration-snippet.png|替代=Ingress-nginx-configuration-snippet|无框|800x800像素]] | |||
[[文件:Ingress-Nginx-raw-snippet.png|替代=Ingress-Nginx-raw-snippet|无框|800x800像素]] | |||
=== Lua 相关 === | === Lua 相关 === | ||
第9行: | 第62行: | ||
[[分类:Ingress]] | [[分类:Ingress]] | ||
[[分类:K8s]] | [[分类:K8s]] |
2024年7月4日 (四) 14:53的最新版本
Ingress nginx annotation doc
https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/
UseForwardedHeaders (configmap配置键: use-forwarded-headers, default: false)
- If true, NGINX passes the incoming `X-Forwarded-*` headers to upstreams. Use this option when NGINX is behind another L7 proxy / load balancer that is setting these headers.
- If false, NGINX ignores incoming
X-Forwarded-*
headers, filling them with the request information it sees. Use this option if NGINX is exposed directly to the internet, or it's behind a L3/packet-based load balancer that doesn't alter the source IP in the packets.
当 use_forwarded_headers 开启后, x-forwarded-proto
及 x-forwarded-port
及 x-forwarded-host
header将会被传递到后端。
且由于 rewrite_by_lua_block
是在 ngx_http_rewrite_module
之后运行的(set 指令位于ngx_http_rewrite_module),所以我们可以结合 Ingress-Nginx 的 annotation 实现对 hosts 字段的修改
例如在ingress cr中利用以下的 annotation,这样假设到 ingress 中的请求,带有 Name 为 realdomain 的 cookie,那么该请求的 hosts
及 x-forwarded-host
就会被改写为 realdomain 相应的值,然后再转发给相应的 Backend
annotations: nginx.ingress.kubernetes.io/configuration-snippet: | if ($cookie_realdomain != "") { set $http_x_forwarded_host $cookie_realdomain; }
以下以 ingress-nginx-controller v0.49.3版本为例:
Ingress-Nginx 中 Lua 关联实现如下:
-- rewrite gets called in every location context. -- This is where we do variable assignments to be used in subsequent -- phases or redirection function _M.rewrite(location_config) ngx.var.pass_access_scheme = ngx.var.scheme ngx.var.best_http_host = ngx.var.http_host or ngx.var.host if config.use_forwarded_headers then -- trust http_x_forwarded_proto headers correctly indicate ssl offloading if ngx.var.http_x_forwarded_proto then ngx.var.pass_access_scheme = ngx.var.http_x_forwarded_proto end if ngx.var.http_x_forwarded_port then ngx.var.pass_server_port = ngx.var.http_x_forwarded_port end -- Obtain best http host if ngx.var.http_x_forwarded_host then ngx.var.best_http_host = parse_x_forwarded_host() end end ...........
关联的渲染后的 Nginx conf 如下:
Lua 相关
nginx 原生是不支持Lua的, Ingress nginx能用lua是因为引用了 openresty/lua-nginx-module
需要特别注意的是 rewrite_by_lua_block
always runs after the standard ngx_http_rewrite_module.