I copy-pasted a ConfigMap file from an online tutorial and an error popped up while trying to apply it. This is the file:
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-config
labels:
tier: backend
data:
config : |
server {
index index.php index.html;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /dir;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ .php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+.php)(/.+)$;
fastcgi_pass php:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
this is the error:
line 28: did not find expected key
Text alignment of the below line is incorrect. Edited your question and corrected the format. Try now. It should work.
$document_root$fastcgi_script_name;
Should be:
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-config
  labels:
    tier: backend
data:
  config : |
    server {
      index index.php index.html;
      error_log /var/log/nginx/error.log;
      access_log /var/log/nginx/access.log;
      root /dir;
      location / {
        try_files $uri $uri/ /index.php?$query_string;
      }
      location ~ .php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+.php)(/.+)$;
        fastcgi_pass php:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME
          $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
      }
    }
EDIT:
In your YAML, the Kubernetes object definition (in this case a ConfigMap) has incorrect indentation.
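A lint for the failure this answer describes, as an added example that is not code from the post: it reports lines that drop out of a `|` or `>` block scalar without being a valid YAML node. The sample manifest is constructed, with the misaligned line placed at column 0 as an assumption; the function and constant names are hypothetical.

```python
import re

# "key: |" or "key: >" (optional chomping/indent indicator, optional comment)
BLOCK_HEADER = re.compile(
    r"^(?P<indent> *)(?:- )?[^#\s].*?:\s*[|>][+-]?[0-9]?\s*(?:#.*)?$")
# What YAML accepts right after a block scalar ends: a comment, a list item,
# a document marker, or a "key:" mapping entry
NEXT_NODE = re.compile(r"^ *(?:#|- |-$|---|\.\.\.|[^\s#][^:]*:(?: |$))")


def stray_block_lines(manifest):
    """Return (line_number, text) for lines that leave a block scalar early."""
    findings = []
    key_indent = None      # indent of the "key: |" line while inside a block
    content_indent = None  # indent of the block's first content line
    for number, line in enumerate(manifest.splitlines(), start=1):
        if not line.strip():
            continue  # blank lines are legal inside and outside a block
        indent = len(line) - len(line.lstrip(" "))
        if key_indent is not None:
            if content_indent is None and indent > key_indent:
                content_indent = indent  # first content line fixes the indent
            if content_indent is not None and indent >= content_indent:
                continue  # still scalar content
            # Dedented: the scalar has ended. That is fine only when the line
            # is a real YAML node at or left of the key's own indentation.
            if indent > key_indent or not NEXT_NODE.match(line):
                findings.append((number, line.strip()))
                continue  # treat it as intended content and stay in the block
            key_indent = content_indent = None
        header = BLOCK_HEADER.match(line)
        if header:
            key_indent, content_indent = len(header.group("indent")), None
    return findings


# Constructed sample: the continuation of fastcgi_param sits at column 0
BROKEN = "\n".join([
    "data:",
    "  config : |",
    "    server {",
    "      location / {",
    "        fastcgi_param SCRIPT_FILENAME",
    "$document_root$fastcgi_script_name;",
    "        fastcgi_param PATH_INFO $fastcgi_path_info;",
    "      }",
    "    }",
])
# Same manifest with the continuation line indented into the block
FIXED = BROKEN.replace("\n$document_root", "\n          $document_root")

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, stray_block_lines(text))
```

Running it over a manifest before `kubectl apply` points at the offending line directly, whereas the parser error can name a line further down.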
Related
I am running Nginx ingress inside one of our EKS clusters and earlier had an issue with the http-->https redirect, as we are terminating SSL at the AWS NLB. I was able to get it fixed using the method listed in this ticket https://github.com/kubernetes/ingress-nginx/issues/2724 (thanks to @Ariseaz).
However, along with https redirect we want to append path and redirect which is not working. Here are some methods I have tried so far
The container webpage serving paths /coffee and /tea
http://cafe.com ------> https://cafe.com ## This works because of the http --> https redirection
http://cafe.com/tea -----> https://cafe.com/tea ## This works
http://cafe.com/coffee -----> https://cafe.com/coffee ## This works
Now when I want to redirect https://cafe.com to https://cafe/coffee it does not work.
Can anyone please tell me how to append a path to https://hostname and redirect? I was able to get it working with AWS ALB Ingress with this annotation and I am trying to get the same method working with nginx ingress.
alb.ingress.kubernetes.io/actions.svc-cafe: >
  {"Type":"redirect","RedirectConfig":{"Path":"/coffee","Protocol":"HTTPS", "Port": "443","StatusCode":"HTTP_301"}} ## This is to append /coffee to hostname and redirect ( https://cafe.com ---> https://cafe.com/coffee)
Here is my ingress file using Nginx ingress controller
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: cafe-example
  annotations:
    nginx.ingress.kubernetes.io/server-snippet: |
      if ($host = "https://cafe.com") {
        return 301 https://$host$request_uri/coffee;
      }
    #nginx.ingress.kubernetes.io/rewrite-target: /
    #nginx.ingress.kubernetes.io/configuration-snippet: |
    #  rewrite ^(/coffee)$ $1/ permanent;
spec:
  ingressClassName: internal-nginx
  rules:
  - host: cafe.com
    http:
      paths:
      - path: /tea
        pathType: Prefix
        backend:
          service:
            name: tea-svc
            port:
              number: 80
      - path: /coffee
        pathType: Prefix
        backend:
          service:
            name: coffee-svc
            port:
              number: 80
Please try:
nginx.ingress.kubernetes.io/server-snippet: |
  if ($host ~ "https://cafe.com")
  {
    rewrite ^ https://$host$request_uri/coffee permanent;
  }
or else try
nginx.ingress.kubernetes.io/configuration-snippet: |
  if ($host = 'https://cafe.com' ) {
    return 301 https://$host$request_uri/coffee;
  }
When I change the host to cafe.com instead of https://cafe.com I can see the URL getting redirected, but it's going in a loop:
nginx.ingress.kubernetes.io/configuration-snippet: |
  if ($host = 'cafe.com' ) {
    return 301 https://$host$request_uri/coffee;
  }
https://cafe.com//coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee/coffee
You can try this
nginx.ingress.kubernetes.io/configuration-snippet: |
  if ($host = 'cafe.com' ) {
    return 301 https://cafe.com/coffee;
  }
OR
nginx.ingress.kubernetes.io/configuration-snippet: |
  if ($host = 'cafe.com' ) {
    rewrite ^([^.]*[^/])$ https://cafe.com/coffee permanent;
  }
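The two conditions tried earlier in this thread, modelled offline as an added example that is not part of any post: nginx's `$host` never contains a scheme, and a redirect that appends to `$request_uri` matches again on every hop. `rule_root_only` is a hypothetical variant and all function names are assumptions.

```python
from urllib.parse import urlsplit

# nginx's $host is the host name only (no scheme); $request_uri is the
# original path plus query string. Each rule returns a redirect target or None.


def rule_question(host, request_uri):
    # if ($host = "https://cafe.com") { return 301 https://$host$request_uri/coffee; }
    if host == "https://cafe.com":
        return f"https://{host}{request_uri}/coffee"
    return None


def rule_comment(host, request_uri):
    # if ($host = 'cafe.com') { return 301 https://$host$request_uri/coffee; }
    if host == "cafe.com":
        return f"https://{host}{request_uri}/coffee"
    return None


def rule_root_only(host, request_uri):
    # Hypothetical variant (assumption, not from the thread): redirect only "/"
    if host == "cafe.com" and request_uri == "/":
        return "https://cafe.com/coffee"
    return None


def follow(rule, url, max_hops=5):
    """Apply `rule` the way a client follows 301s; return (hops, looped)."""
    hops = []
    for _ in range(max_hops):
        parts = urlsplit(url)
        request_uri = parts.path or "/"
        if parts.query:
            request_uri += "?" + parts.query
        target = rule(parts.hostname, request_uri)
        if target is None:
            return hops, False  # no redirect issued: the chain settles here
        hops.append(target)
        url = target
    return hops, True  # still redirecting at the hop limit: a loop


if __name__ == "__main__":
    for rule in (rule_question, rule_comment, rule_root_only):
        hops, looped = follow(rule, "https://cafe.com/")
        print(rule.__name__, "loops" if looped else "settles", hops[-1:])
```

The second rule reproduces the `//coffee/coffee/...` chain quoted in the thread, because the redirect target still satisfies the host-only condition.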
Can ingress rewrite 405 to the origin url and change the http-errors 405 to 200?
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: frontend-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
  rules:
  - http:
      paths:
      - path: /page/user/(.*)
        pathType: Prefix
        backend:
          serviceName: front-user
          servicePort: 80
      - path: /page/manager/(.*)
        pathType: Prefix
        backend:
          serviceName: front-admin
          servicePort: 80
Nginx can serve an HTML page requested by the POST method, but I want to know how to achieve this with ingress.
server {
    listen 80;
    # ...
    error_page 405 =200 @405;
    location @405 {
        root /srv/http;
        proxy_method GET;
        proxy_pass http://static_backend;
    }
}
This is an example of Nginx serving an HTML page requested by the POST method: it changes the 405 to 200 and changes the method to GET.
You can use server snippet annotation to achieve it.
Also, I rewrote your ingress from the extensions/v1beta1 apiVersion to networking.k8s.io/v1, because starting with Kubernetes v1.22 the previous apiVersion is removed:
$ kubectl apply -f ingress-snippit.yaml
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
Ingress-snippet-v1.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: frontend-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /$1
    nginx.ingress.kubernetes.io/server-snippet: | # adds this block to server
      error_page 405 =200 @405;
      location @405 {
        root /srv/http;
        proxy_method GET;
        proxy_pass http://static_backend; # tested with IP since I don't have this upstream
      }
spec:
  rules:
  - http:
      paths:
      - path: /page/user/(.*)
        pathType: Prefix
        backend:
          service:
            name: front-user
            port:
              number: 80
      - path: /page/manager/(.*)
        pathType: Prefix
        backend:
          service:
            name: front-admin
            port:
              number: 80
Applying manifest above and verifying /etc/nginx/nginx.conf in ingress-nginx-controller pod:
$ kubectl exec -it ingress-nginx-controller-xxxxxxxxx-yyyy -n ingress-nginx -- cat /etc/nginx/nginx.conf | less
...
## start server _
server {
server_name _ ;
listen 80 default_server reuseport backlog=4096 ;
listen 443 default_server reuseport backlog=4096 ssl http2 ;
set $proxy_upstream_name "-";
ssl_certificate_by_lua_block {
certificate.call()
}
# Custom code snippet configured for host _
error_page 405 =200 @405;
location @405 {
root /srv/http;
proxy_method GET;
proxy_pass http://127.0.0.1; # IP for testing purposes
}
location ~* "^/page/manager/(.*)" {
set $namespace "default";
set $ingress_name "frontend-ingress";
set $service_name "front-admin";
set $service_port "80";
set $location_path "/page/manager/(.*)";
set $global_rate_limit_exceeding n;
...
I am trying to deploy a GRPC based engine behind a Kubernetes Ingress-Nginx ingress, version 0.34.1 and I have already tested that it is working fine with a regular REST API setup, but I have had no luck in receiving any traffic from the backend GRPC when connecting from the port 50051. The backend GRPC itself contains a container that is listening on the port 50051 with the following configuration:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: microservice-one
spec:
  selector:
    matchLabels:
      app: microservice-one
  template:
    metadata:
      labels:
        app: microservice-one
    spec:
      containers:
      - name: microservice
        image: azurecr.io/microservice:v1
        ports:
        - containerPort: 50051
        resources:
          requests:
            memory: "5G"
            cpu: 250m
          limits:
            cpu: 1000m
---
apiVersion: v1
kind: Service
metadata:
  name: microservice-one
spec:
  type: ClusterIP
  ports:
  - protocol: TCP
    port: 50051
  selector:
    app: microservice-one
  type: LoadBalancer
while the yaml file for my ingress applies the following configuration:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: service1
  namespace: ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
spec:
  tls:
  - hosts:
    - [HOSTNAME]
    secretName: aks-ingress-tls
  rules:
  - host: [HOSTNAME]
  - http:
      paths:
      - backend:
          serviceName: microservice-one
          servicePort: 50051
        path: /(.*)
However, upon testing and looking at the raw generated nginx configuration, with the irrelevant parts omitted below, I realized that the nginx server is only listening on port 443 and 80 as standard for an nginx config. I have read that the ingress only allows one port for https so I tried multiple different annotations (e.g. loadbalancer) that were said to bypass the limit but none of them have worked. Could anyone please advise on what other possible solutions there might be to the problem?
server {
server_name [HOSTNAME] ;
listen 80 ;
listen 443 ssl http2 ;
set $proxy_upstream_name "-";
ssl_certificate_by_lua_block {
certificate.call()
}
location / {
set $namespace "";
set $ingress_name "";
set $service_name "";
set $service_port "";
set $location_path "/";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = true,
force_no_ssl_redirect = false,
use_port_in_redirects = false,
})
balancer.rewrite()
plugins.run()
}
port_in_redirect off;
set $balancer_ewma_score -1;
set $proxy_upstream_name "upstream-default-backend";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
client_max_body_size 1m;
grpc_set_header Upgrade $http_upgrade;
grpc_set_header Connection $connection_upgrade;
grpc_set_header X-Request-ID $req_id;
grpc_set_header X-Real-IP $remote_addr;
grpc_set_header X-Forwarded-For $remote_addr;
grpc_set_header X-Forwarded-Proto $pass_access_scheme;
grpc_set_header X-Forwarded-Host $best_http_host;
grpc_set_header X-Forwarded-Port $pass_port;
grpc_set_header X-Scheme $pass_access_scheme;
grpc_set_header X-Original-Forwarded-For $http_x_forwarded_for;
grpc_set_header Proxy "";
proxy_connect_timeout 5s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering off;
proxy_buffer_size 4k;
proxy_buffers 4 4k;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
}
## end server [HOSTNAME]
## start server _
server {
server_name _ ;
listen 80 default_server reuseport backlog=511 ;
listen 443 default_server reuseport backlog=511 ssl http2 ;
set $proxy_upstream_name "-";
ssl_certificate_by_lua_block {
certificate.call()
}
location /(.*) {
set $namespace "myingress";
set $ingress_name "service1";
set $service_name "";
set $service_port "";
set $location_path "/(.*)";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = true,
force_no_ssl_redirect = false,
use_port_in_redirects = false,
})
balancer.rewrite()
plugins.run()
}
port_in_redirect off;
set $balancer_ewma_score -1;
set $proxy_upstream_name "myingress-microservice-one-50051";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
grpc_set_header Upgrade $http_upgrade;
grpc_set_header Connection $connection_upgrade;
grpc_set_header X-Request-ID $req_id;
grpc_set_header X-Real-IP $remote_addr;
grpc_set_header X-Forwarded-For $remote_addr;
grpc_set_header X-Forwarded-Proto $pass_access_scheme;
grpc_set_header X-Forwarded-Host $best_http_host;
grpc_set_header X-Forwarded-Port $pass_port;
grpc_set_header X-Scheme $pass_access_scheme;
grpc_set_header X-Original-Forwarded-For $http_x_forwarded_for;
grpc_set_header Proxy "";
grpc_pass grpc://upstream_balancer;
proxy_redirect off;
}
I'm experiencing a strange behavior of Ingress-Nginx if I post payloads bigger than 50k. If so, the forwarding time of the submitted post request in Nginx takes up to 50 seconds or more, but if I submit a smaller load, Nginx forwards very speedily. If I post a 4mb request, it takes up to 100 seconds.
Environment:
- Bare-metal Kubernetes cluster with 3 nodes with Ubuntu 16.04
- deployment over custom helm templates out of gitlab
- gitlab-managed Nginx-controller pod, proxy routing over host header
- java application receiving post and returns it
Application topology:
web -> (apache reverse proxy) -> (IngressNginx) -> (Application)
I can see that Apache forwards the whole payload straight away and the Nginx pod receives it immediately, but the application pod does not receive anything for up to 50 seconds (depends on payload size). Sometimes I also run into an Nginx 502, but I can't find a pattern.
I've tried raising and lowering buffer sizes, and disabling or enabling buffering, but without any effect:
nginx.ingress.kubernetes.io/proxy-body-size: "100M"
nginx.ingress.kubernetes.io/client-body-buffer-size: "5M"
nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
nginx.ingress.kubernetes.io/proxy-buffering: "on"
nginx.ingress.kubernetes.io/proxy-buffer-size: "5M"
nginx.ingress.kubernetes.io/proxy-request-buffering: "on"
nginx.ingress.kubernetes.io/proxy-next-upstream-tries: "1"
ingress.yaml template:
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "integrity-adapter-autodeployment.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
  name: {{ $fullName }}
  labels:
    {{- include "integrity-adapter-autodeployment.labels" . | nindent 4 }}
  {{- with .Values.ingress.annotations }}
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: "100M"
    nginx.ingress.kubernetes.io/client-body-buffer-size: "5M"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
    nginx.ingress.kubernetes.io/proxy-buffering: "on"
    nginx.ingress.kubernetes.io/proxy-buffer-size: "5M"
    nginx.ingress.kubernetes.io/proxy-request-buffering: "on"
    nginx.ingress.kubernetes.io/proxy-next-upstream-tries: "1"
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
{{- if .Values.ingress.tls }}
  tls:
  {{- range .Values.ingress.tls }}
    - hosts:
      {{- range .hosts }}
        - {{ . | quote }}
      {{- end }}
      secretName: {{ .secretName }}
  {{- end }}
{{- end }}
  rules:
  {{- range .Values.ingress.hosts }}
    - host: {{ .host | quote }}
      http:
        paths:
        {{- range .paths }}
          - path: {{ . }}
            backend:
              serviceName: {{ $fullName }}
              servicePort: {{ $svcPort }}
        {{- end }}
  {{- end }}
{{- end }}
nginx.conf only for this server:
## start server feature-document-response-integrity-adapter.prod.semanticlab.net
server {
server_name feature-document-response-integrity-adapter.prod.semanticlab.net ;
listen 80 ;
listen 443 ssl http2 ;
set $proxy_upstream_name "-";
ssl_certificate_by_lua_block {
certificate.call()
}
location ~* "^/" {
set $namespace "default";
set $ingress_name "review-integrity-adapter-feature-document-response";
set $service_name "review-integrity-adapter-feature-document-response";
set $service_port "63016";
set $location_path "/";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = true,
force_no_ssl_redirect = false,
use_port_in_redirects = false,
})
balancer.rewrite()
plugins.run()
}
# be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
# will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
}
log_by_lua_block {
balancer.log()
monitor.call()
plugins.run()
}
port_in_redirect off;
set $balancer_ewma_score -1;
set $proxy_upstream_name "default-review-integrity-adapter-feature-document-response-63016";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
client_max_body_size 100M;
client_body_buffer_size 5M;
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 5s;
proxy_send_timeout 300s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 5M;
proxy_buffers 4 5M;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 1;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
}
## end server feature-document-response-integrity-adapter.prod.semanticlab.net
Does someone have any suggestions for me?
Thanks in advance
After a week of searching the issue, we finally found it... Ingress-Nginx has gzip compression active by default. Creating a configMap with use-gzip: "false" fixed the issue.
kubectl apply -f {configmap.yaml}
apiVersion: v1
data:
  use-gzip: "false"
kind: ConfigMap
metadata:
  labels:
    app: nginx-ingress
    component: controller
    heritage: Tiller
    release: ingress
  name: ingress-nginx-ingress-controller
  namespace: gitlab-managed-apps
Can someone help me to connect my PHP and MySQL
I did manage to make it up and running, connect to DB with MySQL Workbench but when I try PDO connect from PHP file it fails for some reason...
docker-compose
web:
  image: nginx:latest
  ports:
    - "80:80"
  volumes:
    - ./:/var/www
    - ./site.conf:/etc/nginx/conf.d/site.conf
  links:
    - php
php:
  image: php:7-fpm
  volumes:
    - ./:/var/www
  links:
    - db
db:
  image: mysql:5.7
  volumes:
    - /var/lib/mysql
  environment:
    - MYSQL_ROOT_PASSWORD=123456
    - MYSQL_DATABASE=database
  ports:
    - "3306:3306"
site.conf
server {
index index.php index.html;
server_name lara.test;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /var/www;
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass php:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
and index.php
<?php
$database = new PDO('mysql:host=localhost;dbname=database', "root", "123456");
echo "Connected to MySQL<br />";
?>
and error message:
Fatal error: Uncaught PDOException: could not find driver in
/var/www/index.php:3 Stack trace: #0 /var/www/index.php(3):
PDO->__construct('mysql:host=loca...', 'root', '123456') #1 {main}
thrown in /var/www/index.php on line 3
what do I miss in order to make this work?
Just change
$database = new PDO('mysql:host=localhost;dbname=database', "root", "123456");
to
$database = new PDO('mysql:host=db;dbname=database', "root", "123456");
The name of the host must be the same as the name of the database image in the docker-compose file.