I'm using Nginx Ingress to kubernetes services:
Does Nginx transform the request from wss:... to a ws:... ? OR Does Nginx require the back end to also have HTTPS enabled? Making it a simpler wss:... to wss:... If this is the case, then would a self signed cert be OK on the back-end? and how would I configure the proxy to connect to that back-end successfully?
I currently have Web-sockets working over HTTP to the back-end (ws:... to ws:...) and I don't really know how to go the next level and get this working over HTTPS! I guess that's the main question here.
apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
name: xxxx-virtual-server
namespace: {{ .Values.tenantName }}
labels:
{{- include "xxxx.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
host: {{ .Values.tenantName }}.x.cloud
tls:
secret: aks-ingress-tls
upstreams:
- name: aaa-upstream
service: aaa-service
port: 5000
- name: bbb-upstream-socket
service: bbb-service-socket
port: 80
routes:
- path: /
matches:
- conditions:
- header: Upgrade
value: websocket
action:
pass: bbb-upstream-socket
action:
pass: aaa-upstream
I finally got this working, so for anyone else out there who are wondering the same thing, here is what I found.
I'm using Nginx Ingress to kubernetes services:
Does Nginx transform the request from wss:... to a ws:... Yes it can :-)
Does Nginx require the back end to also have HTTPS enabled: No it doesn't.
Basically we setup the socket to listen on the url "/ws/".
Connect from browser using URL like:
wss://test.cytrack.cloud/ws/
Then using Nginx Ingress Virtual Server Custom Resource we add:
apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
name: abc-virtual-server
namespace: abcd
spec:
host: abcde
tls:
secret: aks-ingress-tls
upstreams:
- name: abc-upstream-socket
service: abc-service-socket
port: 80
read-timeout: 300s
send-timeout: 300s
- path: /ws/
action:
pass: abc-upstream-socket
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments