apiVersion: extensions/v1beta1 kind: Ingress metadata: annotations: nginx.ingress.kubernetes.io/server-snippet: | location ~ ^/(admin|internal) { deny all; } nginx.ingress.kubernetes.io/proxy-body-size: 50m nginx.ingress.kubernetes.io/proxy-read-timeout: "300" nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/force-ssl-redirect: "true" nginx.ingress.kubernetes.io/configuration-snippet: | proxy_set_header Upgrade-Insecure-Requests 1; proxy_set_header X-Forwarded-Proto https; add_header Content-Security-Policy upgrade-insecure-requests; name: suanpan-web namespace: default spec: rules: - http: paths: - backend: serviceName: suanpan-service servicePort: 7000 path: /
對某些特殊的請求進行限制(針對/admin和/internal目錄全部禁止訪問)
nginx.ingress.kubernetes.io/server-snippet: |
location ~ ^/(admin|internal) {
deny all;
}
設置客戶端請求正文的最大允許大小(默認1m)
nginx.ingress.kubernetes.io/proxy-body-size: 50m
設置從代理服務器讀取響應的超時時間(以秒爲單位,默認值60)
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
是否只能通過 SSL 訪問(當 Ingress 包含證書時默認爲 True)
nginx.ingress.kubernetes.io/ssl-redirect: "true"
強制重定向到 HTTPS(即使 Ingress 未啓用 TLS)
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
如果需要非標準端口跳轉(比如http不使用80端口,https不使用443端口)
nginx.ingress.kubernetes.io/use-port-in-redirects: "true"
啓用自定義配置,強制轉換https下的http請求到https
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Upgrade-Insecure-Requests 1;
proxy_set_header X-Forwarded-Proto https;
add_header Content-Security-Policy upgrade-insecure-requests;