nginx处终结ssl证书,代理后端kubesphere通过NodePort暴露的http端口
[root@devops ~]# cat /etc/nginx/conf.d/rancher_devops_70mail_cn.conf
upstream rancher{
server 192.168.2.249:30880 weight=1 max_fails=1 fails_timeout=10s;
server 192.168.2.107:30880 weight=1 max_fails=2 fails_timeout=10s backup;
}
server {
listen 9001 ssl;
server_name rancher.devops.70mail.cn;
client_max_body_size 0;
ssl_certificate /etc/nginx/ssl/rancher_devops_70mail_cn/rancher.devops.70mail.cn_bundle.crt;
ssl_certificate_key /etc/nginx/ssl/rancher_devops_70mail_cn/rancher.devops.70mail.cn.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_redirect http:// $scheme://;
proxy_pass http://rancher;
}
}
查看kubesphere使用nodeport暴露出来的30880端口
声明:
本站所有文章,如无特殊说明或标注,均为本站原创发布。任何个人或组织,在未征得本站同意时,禁止复制、盗用、采集、发布本站内容到任何网站、书籍等各类媒体平台。如若本站内容侵犯了原著者的合法权益,可联系我们进行处理。