我一直在使用Traefik在Kubernetes集群上实现自动化https,它一直运行良好!现在,我实际上想要在Traefik级别禁用终止,只需让我的后端处理https以及客户端证书身份验证 .
目前,这是我的设置
Config.toml
defaultEntryPoints = ["http","https"]
[entryPoints]
[entryPoints.http]
address = ":80"
compress = true
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
compress = true
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
CertFile = "/ssl/tls.crt"
KeyFile = "/ssl/tls.key"
这是我在Kubernetes的进入
apiVersion: v1
kind: Service
metadata:
name: backend-svc
spec:
ports:
- port: 80
targetPort: 80
selector:
app: backend
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: backend-ingress
annotations:
kubernetes.io/ingress.class: traefik
spec:
tls:
- secretName: tls-cert
rules:
- host: somewhere.com
http:
paths:
backend:
serviceName: backend-svc
servicePort: 80
这在过去的三个月里对我很有用,但是使用这种配置后,我的后端无法在传入的请求中找到客户端证书 .
通常,我会从端口80重定向到443升级 . 现在,当我尝试直接进入443时,它会产生内部服务器错误 . 当我尝试将其添加到入口注释时
traefik.frontend.passTLSCert: true # Gives 404 Error.
traefik.frontend.passTLSCert: "true" # Gives Bad Gateway Error
任何帮助都非常感谢 .
谢谢 .