Nginx
在從上游讀取響應標頭時,入口 nginx 上游未發送有效的 HTTP/1.0 標頭
我正在嘗試為我的命名空間中的服務設置一個 nginx 入口控制器。其中一個後端服務接受埠 80 上的 HTTP 流量,另一個僅接受埠 443 上的 HTTPS 流量。請參閱這兩個服務的描述
$ kubectl describe svc service-1 -n monit Name: service-1 Namespace: monit Labels: app=service-1 Annotations: <none> Selector: app=service-1 Type: ClusterIP IP: 10.104.185.173 Port: https 443/TCP TargetPort: 8443/TCP Endpoints: 10.1.0.95:8443 Session Affinity: None Events: <none> $ kubectl describe svc service-2 -n monit Name: service-2 Namespace: monit Labels: app=service-2 Annotations: <none> Selector: app=service-2 Type: ClusterIP IP: 10.110.93.64 Port: service 80/TCP TargetPort: 3000/TCP Endpoints: 10.1.0.87:3000 Session Affinity: None Events: <none>
這是我的入口配置
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: ingress-monit spec: rules: - host: service-2.localhost http: paths: - path: / backend: serviceName: service-2 servicePort: 80 - host: service-1.localhost http: paths: - path: / backend: serviceName: service-1 servicePort: 443
當我查看 Nginx 配置時,一切正常
$ kubectl describe ingress ingress-monit -n monit Name: ingress-monit Namespace: monit Address: localhost Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>) Rules: Host Path Backends ---- ---- -------- service-2.localhost / service-2:80 (10.1.0.87:3000) service-1.localhost / service-1:443 (10.1.0.95:8443) Annotations: Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal CREATE 31m nginx-ingress-controller Ingress monit/ingress-monit Normal UPDATE 30m nginx-ingress-controller Ingress monit/ingress-monit
現在的問題是我可以使用http://service-2.localhost/正確訪問我的 service-2,但我無法訪問 service-1。在 chrome 上訪問http://service-1.localhost/給了我
This site can’t be reachedThe webpage at https://service-1.localhost/ might be temporarily down or it may have moved permanently to a new web address. ERR_INVALID_RESPONSE
當我查看 Nginx 日誌時,我看到:
$ kubectl logs -n monit ingress-nginx-controller-bbdc786b4-8crdm -f ------------------------------------------------------------------------------- NGINX Ingress controller Release: 0.32.0 Build: git-446845114 Repository: https://github.com/kubernetes/ingress-nginx nginx version: nginx/1.17.10 ------------------------------------------------------------------------------- . . . 2020/06/02 22:56:47 [error] 2363#2363: *64928 upstream sent no valid HTTP/1.0 header while reading response header from upstream, client: 192.168.65.3, server: service-1.localhost, request: "GET / HTTP/1.1", upstream: "http://10.1.0.95:8443/", host: "service-1.localhost" 192.168.65.3 - - [02/Jun/2020:22:58:13 +0000] "GET / HTTP/1.1" 200 7817 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36" 594 0.005 [monit-service-2-80] [] 10.1.0.87:3000 30520 0.005 200 2baefff713047b14a81643650cb50c4c
該錯誤似乎與 service-1 返回 bad response 相關
upstream sent no valid HTTP/1.0 header while reading response header from upstream
。問題是如果我使用kubectl proxy
我可以正確訪問該服務!有什麼想法可以讓我弄清楚真正的問題是什麼?
您將需要
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
通過 SSL 連接上游的 Ingress 上的註釋,因為預設情況下,入口控制器假定所有集群內上游都使用 HTTP據我所知,您不能添加該註釋,
rule:
因此您必須為其創建第二個 Ingress:apiVersion: extensions/v1beta1 kind: Ingress metadata: name: ingress-monit-service-1 annotations: nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" spec: rules: - host: service-1.localhost http: paths: - path: / backend: serviceName: service-1 servicePort: 443