Comments (2)
lianglli
commented on June 14, 2024
Configmap
ssl-protocols: TLSv1 TLSv1.1 TLSv1.2 TLSv1.3
apiVersion: v1
data:
access-log-path: '"pipe:rollback /home/admin/tengine-ingress/logs/tengine-access.log
baknum=10 maxsize=5G interval=1d adjust=600"'
error-log-path: '"pipe:rollback /home/admin/tengine-ingress/logs/tengine-error.log
baknum=10 maxsize=2G interval=1d adjust=600"'
https-allow-http: "true"
log-format-upstream: $request_time|$status|$upstream_status|$remote_addr|$upstream_addr|$upstream_response_time|$time_local|$request_method|$scheme|$host|$server_port|$request_uri|$body_bytes_sent|$http_referer|$http_user_agent|$proxy_add_x_forwarded_for|$http_x_forwarded_for|$http_ns_client_ip|$http_accept_language|$connection_requests|$ssl_protocol|$ssl_cipher|$ssl_session_reused|$host|$request_length|$bytes_sent|$metadata_ssl_protocols|$ingress_route_target|$http_open|
ssl-ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:RSA+3DES:!DES-CBC3-SHA:!aNULL:!eNULL:!LOW:!MD5:!EXP:!DSS:!PSK:!SRP:!kECDH:!CAMELLIA:!IDEA:!SEED;
ssl-protocols: TLSv1 TLSv1.1 TLSv1.2 TLSv1.3
kind: ConfigMap
A ingress object with annotation TLSv1.2 and TLSv1.3 specifically
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/canary-weight-total: "1000"
nginx.ingress.kubernetes.io/ssl-protocols: TLSv1.2 TLSv1.3
nginx.ingress.kubernetes.io/ssl-redirect: "true"
creationTimestamp: "2023-10-30T09:33:15Z"
generation: 1
name: tengine-ingress-echo-ing
namespace: default
resourceVersion: "28867854"
uid: 34ff03fa-0e52-4ff4-b992-3b3625664cba
spec:
ingressClassName: opensource-ingress
rules:
- host: echo.w1.com
http:
paths:
- backend:
service:
name: tengine-ingress-echo-service
port:
number: 80
path: /
pathType: Prefix
tls:
- hosts:
- echo.w1.com
secretName: https-server-1
status:
loadBalancer:
ingress:
- {}
$ ./curl -i -k --tlsv1.0 --tls-max 1.0 https://echo.w1.com
curl: (35) error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
$ ./curl -i -k --tlsv1.1 --tls-max 1.1 https://echo.w1.com
curl: (35) error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
$ ./curl -i -k --tlsv1.2 --tls-max 1.2 https://echo.w1.com
HTTP/2 200
server: Tengine/3.1.0
date: Thu, 02 Nov 2023 07:31:22 GMT
content-type: text/plain; charset=utf-8
content-length: 7
strict-transport-security: max-age=31536000
ups-target-key: default-tengine-ingress-echo-service-80
x-protocol: HTTP/2.0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
echo ok
0.001|200|200|172.16.235.31|10.39.0.13:80|0.000|02/Nov/2023:07:31:22 +0000|GET|https|echo.w1.com|443|/|7|-|curl/7.78.0|172.16.235.31|-|-|-|1|TLSv1.2|ECDHE-RSA-AES128-GCM-SHA256|.|echo.w1.com|28|227|771 772|default-tengine-ingress-echo-service-80|-|
$ ./curl -i -k --tlsv1.3 --tls-max 1.3 https://echo.w1.com
HTTP/2 200
server: Tengine/3.1.0
date: Thu, 02 Nov 2023 07:31:51 GMT
content-type: text/plain; charset=utf-8
content-length: 7
strict-transport-security: max-age=31536000
ups-target-key: default-tengine-ingress-echo-service-80
x-protocol: HTTP/2.0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
echo ok
0.000|200|200|10.39.0.17|10.39.0.13:80|0.000|02/Nov/2023:07:31:51 +0000|GET|https|echo.w1.com|443|/|7|-|curl/7.78.0|10.39.0.17|-|-|-|1|TLSv1.3|TLS_AES_256_GCM_SHA384|.|echo.w1.com|28|227|771 772|default-tengine-ingress-echo-service-80|-|
from tengine-ingress.
lianglli
commented on June 14, 2024
Configmap
ssl-protocols: TLSv1 TLSv1.1 TLSv1.2 TLSv1.3
apiVersion: v1
data:
access-log-path: '"pipe:rollback /home/admin/tengine-ingress/logs/tengine-access.log
baknum=10 maxsize=5G interval=1d adjust=600"'
error-log-path: '"pipe:rollback /home/admin/tengine-ingress/logs/tengine-error.log
baknum=10 maxsize=2G interval=1d adjust=600"'
https-allow-http: "true"
log-format-upstream: $request_time|$status|$upstream_status|$remote_addr|$upstream_addr|$upstream_response_time|$time_local|$request_method|$scheme|$host|$server_port|$request_uri|$body_bytes_sent|$http_referer|$http_user_agent|$proxy_add_x_forwarded_for|$http_x_forwarded_for|$http_ns_client_ip|$http_accept_language|$connection_requests|$ssl_protocol|$ssl_cipher|$ssl_session_reused|$host|$request_length|$bytes_sent|$metadata_ssl_protocols|$ingress_route_target|$http_open|
ssl-ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:RSA+3DES:!DES-CBC3-SHA:!aNULL:!eNULL:!LOW:!MD5:!EXP:!DSS:!PSK:!SRP:!kECDH:!CAMELLIA:!IDEA:!SEED;
ssl-protocols: TLSv1 TLSv1.1 TLSv1.2 TLSv1.3
kind: ConfigMap
A ingress object with annotation TLSv1.2 and TLSv1.3 specifically
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/canary-weight-total: "1000"
nginx.ingress.kubernetes.io/ssl-protocols: TLSv1.2 TLSv1.3
nginx.ingress.kubernetes.io/ssl-redirect: "true"
creationTimestamp: "2023-10-30T09:33:15Z"
generation: 1
name: tengine-ingress-echo-ing
namespace: default
resourceVersion: "28867854"
uid: 34ff03fa-0e52-4ff4-b992-3b3625664cba
spec:
ingressClassName: opensource-ingress
rules:
- host: echo.w1.com
http:
paths:
- backend:
service:
name: tengine-ingress-echo-service
port:
number: 80
path: /
pathType: Prefix
tls:
- hosts:
- echo.w1.com
secretName: https-server-1
status:
loadBalancer:
ingress:
- {}
$ ./curl -i -k --tlsv1.0 --tls-max 1.0 https://echo.w1.com
curl: (35) error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
$ ./curl -i -k --tlsv1.1 --tls-max 1.1 https://echo.w1.com
curl: (35) error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
$ ./curl -i -k --tlsv1.2 --tls-max 1.2 https://echo.w1.com
HTTP/2 200
server: Tengine/3.1.0
date: Thu, 02 Nov 2023 07:31:22 GMT
content-type: text/plain; charset=utf-8
content-length: 7
strict-transport-security: max-age=31536000
ups-target-key: default-tengine-ingress-echo-service-80
x-protocol: HTTP/2.0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
echo ok
0.001|200|200|172.16.235.31|10.39.0.13:80|0.000|02/Nov/2023:07:31:22 +0000|GET|https|echo.w1.com|443|/|7|-|curl/7.78.0|172.16.235.31|-|-|-|1|TLSv1.2|ECDHE-RSA-AES128-GCM-SHA256|.|echo.w1.com|28|227|771 772|default-tengine-ingress-echo-service-80|-|
$ ./curl -i -k --tlsv1.3 --tls-max 1.3 https://echo.w1.com
HTTP/2 200
server: Tengine/3.1.0
date: Thu, 02 Nov 2023 07:31:51 GMT
content-type: text/plain; charset=utf-8
content-length: 7
strict-transport-security: max-age=31536000
ups-target-key: default-tengine-ingress-echo-service-80
x-protocol: HTTP/2.0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
echo ok
0.000|200|200|10.39.0.17|10.39.0.13:80|0.000|02/Nov/2023:07:31:51 +0000|GET|https|echo.w1.com|443|/|7|-|curl/7.78.0|10.39.0.17|-|-|-|1|TLSv1.3|TLS_AES_256_GCM_SHA384|.|echo.w1.com|28|227|771 772|default-tengine-ingress-echo-service-80|-|
from tengine-ingress.
Related Issues (20)
- HTTP Route: multiple canary ingress can be use the same upstream
- Support canary routing based on multiple upstream according to weight and total weight HOT 1
- New config 'https-allow-http' of configmap for https listener allow http request
- Supports adding HTTP query parameter of the user request to upstream based on canary routing of header, cookie or query HOT 1
- Supports adding HTTP headers of the user response to client based on canary routing of header, cookie or query HOT 1
- Supports appending HTTP headers of the user response to client based on canary routing of header, cookie or query HOT 1
- Supports multi canary ingress with same upstream for one host
- Supports different ingress and canary ingress with the same backend
- Supports routing priority of multi canary ingresses for the ingress and path
- Supports canary routing of modulo operation (mod) baed on value of cookie HOT 1
- Supports canary routing of modulo operation (mod) based on value of query param HOT 1
- 请帮忙给出https双向认证的配置写法,以及指定nginx.conf server位置的写法哈。或者指定 配置前端html指定目录也行 HOT 3
- [Static Config][emerg] unknown "https_use_timing" variable
- duplicate location "/robots.txt" when ingress has multipath HOT 1
- Supports ingressclass HOT 1
- Watch changes in Ingress and Secrets and do rolling upgrades in one time
- Supports multiple default SSL certificates
- Supports multiple origins for CORS
- Sleep time for layer 4 load balancer during stop process
- CORS is not working with lua
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from tengine-ingress.