
azure - Waiting for HTTP-01 challenge propagation: failed to perform self check GET request

Repost. Author: 行者123. Updated: 2023-12-02 23:12:43

I am trying to follow this tutorial ( https://github.com/digitalocean/Kubernetes-Starter-Kit-Developers/blob/main/03-setup-ingress-controller/nginx.md ) to encrypt and secure my nginx-ingress connection.

I installed cert-manager (v1.8.0) using helm.

Applied my ClusterIssuer: kubectl apply -f issuesr.yaml

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-nginx
spec:
  # ACME issuer configuration
  # `email` - the email address to be associated with the ACME account (make sure it's a valid one)
  # `server` - the URL used to access the ACME server’s directory endpoint
  # `privateKeySecretRef` - Kubernetes Secret to store the automatically generated ACME account private key
  acme:
    email: 'myemail'
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-nginx-private-key
    solvers:
      # Use the HTTP-01 challenge provider
      - http01:
          ingress:
            class: nginx

Then applied my ingress: kubectl apply -f ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-echo
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-nginx
spec:
  tls:
    - hosts:
        - www.example.com
      secretName: letsencrypt-nginx-echo
  rules:
    - host: www.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: backend
                port:
                  number: 80
  ingressClassName: nginx

To debug, I ran

$ kubectl get certificate
NAME READY SECRET AGE
letsencrypt-nginx-echo False letsencrypt-nginx-echo 39s


$ kubectl describe certificate
[...]
Status:
  Conditions:
    Last Transition Time: 2022-05-12T17:24:32Z
    Message: Issuing certificate as Secret does not exist
    Observed Generation: 1
    Reason: DoesNotExist
    Status: True
    Type: Issuing
    Last Transition Time: 2022-05-12T17:24:32Z
    Message: Issuing certificate as Secret does not exist
    Observed Generation: 1
    Reason: DoesNotExist
    Status: False
    Type: Ready
  Next Private Key Secret Name: letsencrypt-nginx-echo-nxzw6
Events:
  Type Reason Age From Message
  ---- ------ ---- ---- -------
  Normal Issuing 3m23s cert-manager-certificates-trigger Issuing certificate as Secret does not exist
  Normal Generated 3m23s cert-manager-certificates-key-manager Stored new private key in temporary Secret resource "letsencrypt-nginx-echo-nxzw6"
  Normal Requested 3m23s cert-manager-certificates-request-manager Created new CertificateRequest resource "letsencrypt-nginx-echo-x2flf"


$ kubectl describe certificaterequest
Status:
  Conditions:
    Last Transition Time: 2022-05-12T17:24:32Z
    Message: Certificate request has been approved by cert-manager.io
    Reason: cert-manager.io
    Status: True
    Type: Approved
    Last Transition Time: 2022-05-12T17:24:33Z
    Message: Waiting on certificate issuance from order default/letsencrypt-nginx-echo-x2flf-1264636722: "pending"
    Reason: Pending
    Status: False
    Type: Ready
Events:
  Type Reason Age From Message
  ---- ------ ---- ---- -------
  Normal cert-manager.io 5m2s cert-manager-certificaterequests-approver Certificate request has been approved by cert-manager.io
  Normal OrderCreated 5m1s cert-manager-certificaterequests-issuer-acme Created Order resource default/letsencrypt-nginx-echo-x2flf-1264636722

$ kubectl describe order
Status:
  Authorizations:
    Challenges:
      Token: bArXItH3_w1FLvjPfFprj2ksjFHPwZ0K6Vb25MlybRU
      Type: http-01
      URL: https://acme-v02.api.letsencrypt.org/acme/chall-v3/107853386656/VmvKxA
      Token: bArXItH3_w1FLvjPfFprj2ksjFHPwZ0K6Vb25MlybRU
      Type: dns-01
      URL: https://acme-v02.api.letsencrypt.org/acme/chall-v3/107853386656/LgcZ5Q
      Token: bArXItH3_w1FLvjPfFprj2ksjFHPwZ0K6Vb25MlybRU
      Type: tls-alpn-01
      URL: https://acme-v02.api.letsencrypt.org/acme/chall-v3/107853386656/Ut9rIQ
    Identifier: www.example.com
    Initial State: pending
    URL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/107853386656
    Wildcard: false
  Finalize URL: https://acme-v02.api.letsencrypt.org/acme/finalize/540497076/88058915876
  State: pending
  URL: https://acme-v02.api.letsencrypt.org/acme/order/540497076/88058915876
Events:
  Type Reason Age From Message
  ---- ------ ---- ---- -------
  Normal Created 6m16s cert-manager-orders Created Challenge resource "letsencrypt-nginx-echo-x2flf-1264636722-1300283520" for domain "www.example.com"

$ kubectl describe challenge
Spec:
  Authorization URL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/107853386656
  Dns Name: www.example.com
  Issuer Ref:
    Group: cert-manager.io
    Kind: ClusterIssuer
    Name: letsencrypt-nginx
  Key: bArXItH3_w1FLvjPfFprj2ksjFHPwZ0K6Vb25MlybRU.NSQqkslrJ8YD-aL7n_dLekPhCAy4DkdFIOF0DCAHGzo
  Solver:
    http01:
      Ingress:
        Class: nginx
  Token: bArXItH3_w1FLvjPfFprj2ksjFHPwZ0K6Vb25MlybRU
  Type: HTTP-01
  URL: https://acme-v02.api.letsencrypt.org/acme/chall-v3/107853386656/VmvKxA
  Wildcard: false
Status:
  Presented: true
  Processing: true
  Reason: Waiting for HTTP-01 challenge propagation: failed to perform self check GET request 'http://www.example.com/.well-known/acme-challenge/bArXItH3_w1FLvjPfFprj2ksjFHPwZ0K6Vb25MlybRU': Get "https://www.example.com:443/.well-known/acme-challenge/bArXItH3_w1FLvjPfFprj2ksjFHPwZ0K6Vb25MlybRU": remote error: tls: unrecognized name
  State: pending
Events:
  Type Reason Age From Message
  ---- ------ ---- ---- -------
  Normal Started 8m45s cert-manager-challenges Challenge scheduled for processing
  Normal Presented 8m45s cert-manager-challenges Presented challenge using HTTP-01 challenge mechanism

If I describe the ingress, I get

TLS:
  letsencrypt-nginx-echo terminates www.example.com
Rules:
  Host Path Backends
  ---- ---- --------
  www.example.com
    / backend:80 ('//myip')
Annotations: cert-manager.io/cluster-issuer: letsencrypt-nginx
Events:
  Type Reason Age From Message
  ---- ------ ---- ---- -------
  Warning AddedOrUpdatedWithWarning 12m nginx-ingress-controller Configuration for default/ingress-echo was added or updated ; with warning(s): TLS secret letsencrypt-nginx-echo is invalid: secret doesn't exist or of an unsupported type
  Normal CreateCertificate 12m cert-manager-ingress-shim Successfully created Certificate "letsencrypt-nginx-echo"

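Best answer

I finally solved the problem. cert-manager was creating an ingress, acme-http-solver, that did not point to any address. After adding acme.cert-manager.io/http01-edit-in-place: "true" to my ingress file, everything seems to work.

Just updating the resource might not be enough; it may be necessary to actually delete and recreate it. See Issue 6065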
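
The fix described in the answer, applied to the Ingress from the question, as an added example that is not part of the original post. The kubectl commands in the trailing comments assume the manifest is saved as ingress.yaml, as in the question.

```yaml
# Added example: the question's Ingress plus the annotation from the answer.
# Host, secret and backend names are the ones shown in the question.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-echo
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-nginx
    # Have cert-manager add the HTTP-01 solver path to this Ingress instead of
    # creating a separate acme-http-solver Ingress. Annotation values are
    # strings, so "true" must stay quoted.
    acme.cert-manager.io/http01-edit-in-place: "true"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - www.example.com
      secretName: letsencrypt-nginx-echo
  rules:
    - host: www.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: backend
                port:
                  number: 80
# Per the answer, delete and recreate the resource rather than only updating it:
#   kubectl delete -f ingress.yaml
#   kubectl apply -f ingress.yaml
# Then check that the challenge leaves "pending" and the certificate turns Ready:
#   kubectl get challenge,certificate
```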

Regarding azure - Waiting for HTTP-01 challenge propagation: failed to perform self check GET request, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/72220278/
