ALB and NLB in front of nginx - nginx

I have an nginx ingress in Kubernetes. In front of it, I have an NLB and an ALB.
When proxy protocol is enabled, NLB works. When proxy protocol is disabled, ALB works.
Is there a way I can make both ALB and NLB work with nginx ingress?

Related

Too much time to get into port 80 after switching the port from custom port

In an AWS EC2 instance,
I have nginx and an Apache web server,
and I have four different domains.
One domain goes to Apache with nginx in front of it.
The other ones go to just nginx.
Those domains are listening on port 8090, which is a custom port.
What I did was change port 8090 to 80 in each of the conf files for nginx.
It works, but it takes a long time, about 30 up to 1 minute ish, to get to port 80 from browsers and other clients such as curl.
With some computers, it says connection timed out.
I don't know why this is happening.
In the AWS environment, I've got an ALB and an NLB, and when port 8090 was set, it was running in the NLB.
Can anyone help with this phenomenon?

Kong TLS passthrough by IP

I have a Kong instance acting as a reverse proxy, sitting in front of an ingress controller that terminates TLS upstream. I want the Kong reverse proxy to do a TLS passthrough and not terminate TLS at the reverse proxy. I followed these steps and am able to successfully see the Kong reverse proxy passing the traffic through without terminating TLS.
The problem I am having is that the client sometimes accesses my server without a hostname (e.g. myhostname.com) and uses the IP directly. Since, for the TLS passthrough to work, we need to specify an SNI to match the request to, when the client uses the IP to access the server the Host header becomes the IP, and the reverse proxy doesn't match it and therefore blocks the request. Is there a way to allow the reverse proxy to pass through clients that make requests using an IP?
services:
- host: 192.168.100.1
  protocol: tcp
  port: 443
  name: my_service
  routes:
  - name: my_route
    protocols:
    - tls_passthrough
    snis:
    - myhostname.com

Set Nginx ingress in Kubernetes cluster GKE to subdomain DNS records?

Hello, I have a GKE cluster with a cert-manager pod and an ingress NGINX server pod.
The ingress NGINX server has two external IPs with ports 80 and 443.
I can access port 80, but it is insecure. How can I assign my subdomain, for example
dev.example.com, to this ingress IP address?
If I have Cloud DNS set up and also Hover set up, do they conflict with each other?
Thanks

How to expose kubernetes web server to port 80

I have a Tornado webserver + nginx + DNS. I have moved the webserver to a Kubernetes pod, and the same with nginx.
But I realized that I can't expose it on port 80, so I kept nginx outside of Kubernetes and changed the webserver IP to the IP of the pod, and it works without problems.
The problem is that each time the ssh server restarts, the pod's IP changes and I need to manually change the IP in the nginx conf.
How can I either keep the pod's IP between reloads or expose nginx on a pod to the outside?
Use a load balancer between DNS and nginx ingress controller. The load balancer can accept traffic on port 80 and forward to nodeport on which nginx ingress controller is exposed.
Alternatively use the nginx ingress controller and run it with hostNetwork: true in deployment pod spec to run nginx ingress controller directly on port 80 in host's network namespace. Then configure DNS to forward traffic to nodeip:80
Create a cluster IP type kubernetes service and an ingress resource to access pod exposed via nginx. Nginx ingress controller will forward traffic to POD IPs directly. There is no change needed anywhere in this setup in case pod IP changes because nginx ingress controller watches for any change in POD IP and updates the nginx.conf accordingly.
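The ClusterIP Service plus Ingress setup described in the last option, as an added example that is not part of the original answer. The names, labels, ports, hostname and the `nginx` ingress class are assumptions; the Ingress refers to the Service by name, so a changed pod IP requires no edit here.

```yaml
# Added example: every name, label, port and hostname below is an assumption.
apiVersion: v1
kind: Service
metadata:
  name: tornado-web            # hypothetical Service name
spec:
  type: ClusterIP              # reachable only inside the cluster
  selector:
    app: tornado-web           # must match the labels on the web server pods
  ports:
  - name: http
    port: 80                   # port the Service exposes inside the cluster
    targetPort: 8888           # assumed port the Tornado process listens on
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: tornado-web
spec:
  ingressClassName: nginx      # assumes the controller is registered under this class
  rules:
  - host: app.example.com      # placeholder hostname pointed at the controller by DNS
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: tornado-web  # resolved to current pod IPs by the controller
            port:
              number: 80
```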

AWS Nginx ALB Port Configuration

I used Terraform to deploy my k8s cluster, and I used kubectl to deploy nginx on my worker nodes. Again using kubectl, creating a LoadBalancer targeting the nginx deployment on port 80 worked perfectly fine. I wanted to test out using an ALB rather than an ELB.
I deleted the ELB, and then used the EC2 interface to set up a target group.
The target group uses port 80, is on the same VPC, and is targeting the two worker nodes.
Next I created an ALB, which is internet-facing, uses the same security group as the nodes, and again is on the same VPC. It's listening on port 80 and forwarding traffic to my target group.
I can't access nginx using the DNS name. I'm pretty sure it has to do with my port configuration?
Kubernetes does not natively support ALBs.
https://github.com/kubernetes-sigs/aws-alb-ingress-controller
