通过Apache进行Spinnaker HTTPS配置
我的Spinnaker正在Kubernetes中运行,服务类型为LoadBalancer,并添加到azure注释下方,以获取内部子网私有ip地址,从而在内部公开服务通过Apache进行Spinnaker HTTPS配置,apache,kubernetes,proxy,reverse-proxy,spinnaker,Apache,Kubernetes,Proxy,Reverse Proxy,Spinnaker,我的Spinnaker正在Kubernetes中运行,服务类型为LoadBalancer,并添加到azure注释下方,以获取内部子网私有ip地址,从而在内部公开服务 annotations: service.beta.kubernetes.io/azure-load-balancer-internal: "true" service.beta.kubernetes.io/azure-load-balancer-internal-subnet: subnetName 我有一个
annotations:
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
service.beta.kubernetes.io/azure-load-balancer-internal-subnet: subnetName
我有一个安装了Apache的ubuntu虚拟机。创建自签名证书并在apache配置中终止,我可以使用HTTPS访问apache主页
然后我创建了Spinnaker服务IP地址的代理规则。基本上,我想从ApacheHTTPS-->访问Spinnaker,以实现kubernetes服务的内部HTTP流量
以下是Apache配置:
xxxx@xxxx:/etc/apache2/sites-available$ ls -ltrh
total 28K
-rw-r--r-- 1 root root 1332 Jul 16 18:14 000-default.conf
-rw-r--r-- 1 root root 6338 Jul 16 18:14 default-ssl.conf
drwxr-xr-x 2 root root 4096 Dec 12 17:24 abc
-rw-r--r-- 1 root root 680 Dec 12 13:04 abc.conf
drwxr-xr-x 2 root root 4096 Dec 12 14:29 xyz
-rw-r--r-- 1 root root 1151 Dec 12 13:08 xyz.conf
cat abc/00-redirect-to-https.conf
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^spinnaker$ / [L,R=302]
cat abc.conf
<VirtualHost *:80>
ServerAdmin webmaster@localhost
LogLevel warn
ErrorLog ${APACHE_LOG_DIR}/abc_error.log
CustomLog ${APACHE_LOG_DIR}/abc_access.log combined
<IfModule mod_headers.c>
RequestHeader unset X-Forwarded-For
RequestHeader unset X-Forwarded-Host
RequestHeader unset X-Forwarded-Server
RequestHeader set X-Forwarded-Proto "http"
RequestHeader set X-Forwarded-Port "80"
</IfModule>
# Apache will try to set application/json based on mime type
# This behaviour casing problems with empty json responses from spring
RemoveType json
Include sites-available/abc/*.conf
</VirtualHost>
cat xyz/00-spinnaker.conf
ProxyPass /spinnaker balancer://spinnaker
ProxyPassReverse /spinnaker balancer://spinnaker
ProxyRequests Off
AllowEncodedSlashes NoDecode
<Proxy balancer://spinnaker>
BalancerMember http://172.18.1.99:9000/spinnaker loadfactor=1 keepalive=On retry=0
ProxySet lbmethod=bytraffic
</Proxy>
cat xyz.conf
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName FQDN
LogLevel warn
ErrorLog ${APACHE_LOG_DIR}/xyz_error.log
CustomLog ${APACHE_LOG_DIR}/xyz_access.log combined
<IfModule mod_headers.c>
RequestHeader unset X-Forwarded-For
RequestHeader unset X-Forwarded-Host
RequestHeader unset X-Forwarded-Server
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
</IfModule>
SSLEngine on
SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/apache2/certs/ca.cert
SSLCertificateKeyFile /etc/apache2/certs/ca.key
# Apache will try to set application/json based on mime type
# This behaviour casing problems with empty json responses from spring
RemoveType json
Include sites-available/xyz/*.conf
</VirtualHost>
xxxx@xxxx:/etc/apache2/可用站点$ls-ltrh
总数28K
-rw-r--r--1根根根目录1332 Jul 16 18:14 000-default.conf
-rw-r--r--1根根目录6338 Jul 16 18:14 default-ssl.conf
drwxr-xr-x 2根根目录4096 Dec 12 17:24 abc
-rw-r--r--1根根根680 Dec 12 13:04 abc.conf
drwxr-xr-x 2根根目录4096 Dec 12 14:29 xyz
-rw-r--r--1根根根1151 Dec 12 13:08 xyz.conf
cat abc/00-redirect-to-https.conf
重新启动发动机
重写条件%{HTTPS}关闭
重写规则^spinnaker$/[L,R=302]
cat abc.conf
服务器管理员webmaster@localhost
日志级别警告
ErrorLog${APACHE_LOG_DIR}/abc_error.LOG
CustomLog${APACHE\u LOG\u DIR}/abc\u access.LOG组合
RequestHeader未设置X-Forwarded-For
RequestHeader未设置X转发主机
RequestHeader未设置X-Forwarded-Server
RequestHeader集合X-Forwarded-Proto“http”
RequestHeader设置X转发端口“80”
#Apache将尝试根据mime类型设置application/json
#这种行为会导致来自spring的空json响应出现问题
RemoveType json
包括可用的站点/abc/*.conf
cat xyz/00-spinnaker.conf
ProxyPass/spinnakerbalancer://spinnaker
ProxyPassReverse/spinnakerbalancer://spinnaker
代理请求关闭
AllowEncodeDSL节点代码
平衡员http://172.18.1.99:9000/spinnaker loadfactor=1 keepalive=重试时=0
ProxySet lbmethod=bytraffic
cat xyz.conf
服务器管理员webmaster@localhost
服务器名FQDN
日志级别警告
ErrorLog${APACHE_LOG_DIR}/xyz_error.LOG
CustomLog${APACHE_LOG_DIR}/xyz_access.LOG组合
RequestHeader未设置X-Forwarded-For
RequestHeader未设置X转发主机
RequestHeader未设置X-Forwarded-Server
RequestHeader集合X-Forwarded-Proto“https”
RequestHeader设置X转发端口“443”
斯伦金安
SSLProtocol-ALL+TLSv1+TLSv1.1+TLSv1.2
SSLHonorCipherOrder开启
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!阿努尔:!MD5:!决策支持系统
SSLCertificateFile/etc/apache2/certs/ca.cert
SSLCertificateKeyFile/etc/apache2/certs/ca.key
#Apache将尝试根据mime类型设置application/json
#这种行为会导致来自spring的空json响应出现问题
RemoveType json
包括可用的站点/xyz/*.conf
如果我在浏览器https://apacheServerDomainName/spinnaker
然后在内部重定向到spinnaker,
但若我想进入spinnaker中的任何其他页面,比如点击项目、应用程序等,那个么它将不起作用,因为url将更改为https://apacheServerDomainName/applications
这将给出404
,因为它假设从本地ubuntu apache服务器获取页面,
然而,该请求也应该重定向并响应spinnaker
请告知何种类型的apache重写规则有助于实现此要求或任何其他建议。遵循以下步骤
@P Ekambaram感谢您的回复。我正在做这些配置,但是在letsencrypt的证书步骤中卡住了。请查看并建议解决方案。