Linux Kubernetes上的Nginx(99:无法分配请求的地址)
因此,我有一个应用程序服务,希望nginx代理到它的连接。我使用IP地址告诉nginx哪个是应用程序的服务节点端口(100.68.202.75)。问题是当吊舱启动时,它会给我: 2019/05/25 17:32:38[emerg]1#1:bind()到100.71.178.70:443失败(99:无法分配请求的地址) nginx:[emerg]bind()到100.71.178.70:443失败(99:无法分配请求的地址) 应用程序在具有服务的不同部署上单独运行。我只想告诉你去听那个服务。因此它可以重定向流量Linux Kubernetes上的Nginx(99:无法分配请求的地址),linux,nginx,kubernetes,nginx-reverse-proxy,Linux,Nginx,Kubernetes,Nginx Reverse Proxy,因此,我有一个应用程序服务,希望nginx代理到它的连接。我使用IP地址告诉nginx哪个是应用程序的服务节点端口(100.68.202.75)。问题是当吊舱启动时,它会给我: 2019/05/25 17:32:38[emerg]1#1:bind()到100.71.178.70:443失败(99:无法分配请求的地址) nginx:[emerg]bind()到100.71.178.70:443失败(99:无法分配请求的地址) 应用程序在具有服务的不同部署上单独运行。我只想告诉你去听那个服务。因此它
upstream so5098.exampler.com {
server 100.68.202.75:8080;
}
server {
listen 80;
server_name so5098.exampler.com masterqa-okta.exampler.com masterqapayrolltestingping.exampler.com;
rewrite ^(.*) https://$host$1 permanent;
}
server {
listen 100.68.202.75:443;
ssl on;
ssl_certificate /home/xenon/.ssl/exampler.com.crt;
ssl_certificate_key /home/xenon/.ssl/exampler.com.key;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'TLS_RSA_WITH_AES_256_CBC_SHA256:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:AES256-SHA256:AES128+EECDH:AES128+EDH:!aNULL';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
server_name masterqa.exampler.com masterqa-okta.exampler.com masterqapayrolltestingping.exampler.com;
# Upload file size limit
client_max_body_size 50m;
# bypass tomcat for profile images
location ~* /masterqa/profile/[0-9]*/.*\.(jpg|jpeg|gif|png)$ {
root /opt/documents/so5098/;
rewrite /opt/documents/saintssecurity/docs/([0-9]*)/(.*) /$1/$2 break;
}
# bypass tomcat for company logos
location ~* /so5098/logo/[0-9]*/.*\.(jpg|jpeg|gif|png)$ {
root /opt/example/docs-branch/;
rewrite /so5098/logo/([0-9]*)/(.*) /$1/$2 break;
}
# bypass tomcat for company theme
location ~* /masterqa/companyTheme/theme/[0-9]+_.*\.css$ {
root /opt/documents/so5098;
rewrite /masterqa/companyTheme/theme/([0-9]*)_.*.css /$1/$1.css break;
}
location /so5098 {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://100.68.202.75:8080/so5098;
proxy_redirect http://$host https://$host;
}
location /so5098/api {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080/masterqa/api;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://100.68.202.75:8080/so5098;
}
}
你应该替换
听100.68.202.75:443与侦听443 ssl。Pod IP是动态的,每次重新启动时都会发生变化。您通常不会这样硬连接IP,因为Pod IP是随机分配的。它是服务的IP。你建议怎么做?好的,对于代理通行证,我应该使用哪个地址将其传递到podif?如果你的应用程序运行在同一个Kubernetes集群中,那么你最好将服务名称放在那里,而不是服务IP。这更像是库伯内特的方式。