Leo Zhang
 
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/server-snippet: |
      location ~ ^/(admin|internal) {
        deny all;
      }
    nginx.ingress.kubernetes.io/proxy-body-size: 50m
    nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      proxy_set_header Upgrade-Insecure-Requests 1;
      proxy_set_header X-Forwarded-Proto https;
      add_header Content-Security-Policy upgrade-insecure-requests;
      
  name: suanpan-web
  namespace: default
spec:
  rules:
  - http:
      paths:
      - backend:
          serviceName: suanpan-service
          servicePort: 7000
        path: /

 

Restrict specific requests (deny all access to the /admin and /internal directories)

nginx.ingress.kubernetes.io/server-snippet: |
  location ~ ^/(admin|internal) {
    deny all;
  }
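
nginx matches a regex location against the normalized request path (query string dropped, %XX decoded, repeated slashes merged, "." and ".." resolved), and the `~` modifier is case-sensitive. The sketch below is an added example, not code from the original post; it approximates that normalization in Python to show which paths the rule above covers. `SEGMENT_RULE` and the sample paths are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Regex from the server-snippet annotation above; nginx "~" is case-sensitive.
PAGE_RULE = re.compile(r"^/(admin|internal)")
# Hypothetical tighter form (nginx "~*" plus a path-segment boundary); not from the page.
SEGMENT_RULE = re.compile(r"^/(admin|internal)(/|$)", re.IGNORECASE)


def normalize(request_target):
    """Approximate the URI that nginx matches location blocks against."""
    path = request_target.split("?", 1)[0]   # the query string is not matched
    path = unquote(path)                     # %XX sequences are decoded
    path = re.sub(r"/+", "/", path)          # merge_slashes is on by default
    return posixpath.normpath(path)          # resolve "." and ".." components


def denied(request_target, rule=PAGE_RULE):
    """True if the deny-all location would handle this request."""
    return rule.search(normalize(request_target)) is not None


# Constructed sample request targets for a coverage check of the rule.
SAMPLES = [
    "/admin", "/admin/users?id=1", "/internal/metrics",
    "/%61dmin/", "//admin", "/static/../admin/",
    "/administrator", "/internal-docs", "/Admin", "/api/admin", "/",
]


def coverage(rule=PAGE_RULE):
    """Map each sample target to whether the given rule denies it."""
    return {target: denied(target, rule) for target in SAMPLES}


if __name__ == "__main__":
    page, segment = coverage(PAGE_RULE), coverage(SEGMENT_RULE)
    for target in SAMPLES:
        print(f"{target:22} page_rule={page[target]!s:5} segment_rule={segment[target]}")
```

The page's rule is a prefix match, so it also denies `/administrator` and `/internal-docs`, while `/Admin` is passed to the backend; whether that matters depends on how the backend treats path case.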

 

Set the maximum allowed size of the client request body (default 1m)

nginx.ingress.kubernetes.io/proxy-body-size: 50m

 

Set the timeout for reading a response from the proxied server (in seconds, default 60)

nginx.ingress.kubernetes.io/proxy-read-timeout: "300"

 

Whether access is allowed only over SSL (defaults to True when the Ingress contains a certificate)

nginx.ingress.kubernetes.io/ssl-redirect: "true"
 

Force a redirect to HTTPS (even when TLS is not enabled on the Ingress)

nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 

If redirects need to use non-standard ports (for example, HTTP not on port 80, HTTPS not on port 443)

nginx.ingress.kubernetes.io/use-port-in-redirects: "true"

 

Enable a custom configuration snippet that forces HTTP requests made under HTTPS to be upgraded to HTTPS

nginx.ingress.kubernetes.io/configuration-snippet: |
  proxy_set_header Upgrade-Insecure-Requests 1;
  proxy_set_header X-Forwarded-Proto https;
  add_header Content-Security-Policy upgrade-insecure-requests;
 
posted on 2022-09-06 10:13  LeoZhanggg