apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/server-snippet: |
location ~ ^/(admin|internal) {
deny all;
}
nginx.ingress.kubernetes.io/proxy-body-size: 50m
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Upgrade-Insecure-Requests 1;
proxy_set_header X-Forwarded-Proto https;
add_header Content-Security-Policy upgrade-insecure-requests;
name: suanpan-web
namespace: default
spec:
rules:
- http:
paths:
- backend:
serviceName: suanpan-service
servicePort: 7000
path: /
對某些特殊的請求進行限制(針對/admin和/internal目錄全部禁止訪問)
nginx.ingress.kubernetes.io/server-snippet: |
location ~ ^/(admin|internal) {
deny all;
}
設置客戶端請求正文的最大允許大小(默認1m)
nginx.ingress.kubernetes.io/proxy-body-size: 50m
設置從代理服務器讀取響應的超時時間(以秒爲單位,默認值60)
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
是否只能通過 SSL 訪問(當 Ingress 包含證書時默認爲 True)
nginx.ingress.kubernetes.io/ssl-redirect: "true"
強制重定向到 HTTPS(即使 Ingress 未啓用 TLS)
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
如果需要非標準端口跳轉(比如http不使用80端口,https不使用443端口)
nginx.ingress.kubernetes.io/use-port-in-redirects: "true"
啓用自定義配置,強制轉換https下的http請求到https
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Upgrade-Insecure-Requests 1;
proxy_set_header X-Forwarded-Proto https;
add_header Content-Security-Policy upgrade-insecure-requests;
