gpt4 book ai didi

https - 无法在 Istio 网关中设置 https

转载 作者:行者123 更新时间:2023-12-02 03:27:24 25 4
gpt4 key购买 nike

使用 http 设置 Istio Gateway 就可以了。

但我无法设置 https。我按照指南https://istio.io/docs/tasks/traffic-management/secure-ingress/进行操作

Istio:1.0.2(使用 Helm 安装)Kubernetes 1.10.3 eks

我正在使用 COMODO 的证书。

只有第一次,我才能使用 https 访问该页面。访问页面后,如果我尝试再次连接,我会在浏览器中收到以下错误。

mycompany.com unexpectedly closed the connection.
Try:

Checking the connection
Checking the proxy and the firewall

如果我使用curl,我会收到以下错误。

curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to qa-web.ffau.to:443

如果我使用 openssl 进行测试,

openssl s_client -tls1 -connect mycompany.com:443 -msg

错误

140735917949896:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.50.2/libressl/ssl/s3_pkt.c:522:

这就是我创建 secret 的方式。

kubectl create -n istio-system secret tls istio-ingressgateway-certs --key ffau.to.key  --cert ffau.to.crt 

这是网关和虚拟服务的yaml。

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: mycompany-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 443
name: https
protocol: HTTPS
tls:
mode: SIMPLE
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
privateKey: /etc/istio/ingressgateway-certs/tls.key
hosts:
- "mycompany.com"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: ffau-qa-phoenix-us
spec:
hosts:
- "mycompany.com"
gateways:
- mycompany-gateway
http:
- match:
- uri:
prefix: /us/account
- uri:
prefix: /us/reserve
- uri:
exact: /phoenix-bundle.js
- uri:
exact: /client-env.js
- uri:
exact: /env-variables
- uri:
exact: /graphql
route:
- destination:
host: myui.default.svc.cluster.local
port:
number: 8000

最佳答案

堆栈溢出也有类似的问题 Not able to connect to HTTPS service using ISTIO Gateway and Virtual Service , https://github.com/istio/istio/issues/6071

我在 stack-overflow issue 中找到了解决方法。打开端口 80 并使用 httpsRedirect: true 重定向到 443

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: my-gateway
spec :
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "mydomain.com"
tls:
httpsRedirect: true
- port:
number: 443
name: https
protocol: HTTPS
tls:
mode: SIMPLE
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
privateKey: /etc/istio/ingressgateway-certs/tls.key
hosts:
- "mydomain.com"

关于https - 无法在 Istio 网关中设置 https,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/52875011/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com