Pablo Estrada
Pablo Estrada

Reputation: 3462

Nginx Ingress Controller: What is the purpose of the host variable?

I have this nginx ingress controller:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: my-ingress
  annotations:
    nginx.ingress.kubernetes.io/use-regex: "true"
    kubernetes.io/ingress.allow-http: "true"
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
    # Limit uploads to 8TB
    nginx.ingress.kubernetes.io/proxy-body-size: 800000m
spec:
  rules:
  - host: myhost.info
    http:
      paths:
      # NOTE: this one should come after all other routes. To avoid hijacking requests.
      - path: /api/walrus(/|$)(.*)
        backend:
          serviceName: service-a
          servicePort: 8080
      - path: /api(/|$)(.*)
        backend:
          serviceName: service-b
          servicePort: 8080
      - path: /(.*)
        backend:
          serviceName: frontend
          servicePort: 8080
  - http:
      paths:
      # NOTE: this one should come after all other routes. To avoid hijacking requests.
      - path: /api/walrus(/|$)(.*)
        backend:
          serviceName: service-a
          servicePort: 8080
      - path: /api(/|$)(.*)
        backend:
          serviceName: service-b
          servicePort: 8080
      - path: /(.*)
        backend:
          serviceName: frontend
          servicePort: 8080

I duplicated the paths just make it clear. My question is, what is the difference in the end result when I add the host key vs when I don't?

Until now I've used it because if I don't have it I'm getting my POST request redirected into get request as in this question: Kubernetes NGINX Ingress changes HTTP request from a POST to a GET

But I also noticed that on EKS, if I DO add a host, the ingress just returns 404 for everything until I remove it and leavit only with http. So I'm a bit confused on this and wanted someone to clarify the correct way to do things here.

Also, for a production enviroment, how do I set the host correctly to a public domain and how do I set the tls certificates?

Upvotes: 0

Views: 587

Answers (1)

David Chandler
David Chandler

Reputation: 349

Regarding HTTPS: https://aws.amazon.com/blogs/opensource/network-load-balancer-nginx-ingress-controller-eks/#bGA9CAkdlMh has a section "Defining the Ingress resource (with SSL termination) to route traffic to the services created above" that shows how to terminate TLS at nginx-ingress. Even if you're not using an AWS Network Load Balancer (NLB), that may be helpful. In the case of AWS with an NLB, you have another option, terminating at the NLB: https://aws.amazon.com/blogs/aws/new-tls-termination-for-network-load-balancers/

There are two nginx ingress controllers, and it's unclear which one you're using. The nginxinc controller requires a 'host'. The other, https://github.com/kubernetes/ingress-nginx, I'm not sure about. When you use TLS, nginx uses SNI for HTTPS, which seems like it would require a 'host': http://nginx.org/en/docs/http/configuring_https_servers.html#sni

Upvotes: 2

Related Questions