I feel like this is a basic question but I'm struggling to find anything concrete in my research. This must be a common problem and I'm not sure what to google.
I'm running an air-gapped Kubernetes cluster with a bunch of services, all of which have UIs. My services are exposed using NodePort. I can navigate to the UI by doing ip addr:NodePort. I have DNS set up using dnsmasq so I can access the URL at example.domain.com:NodePort.
I want to "hide" the NodePort portion of the URL so that users/clients can access apps at example.domain.com/appname.
I'm running an Apache web server to serve some files and I have implemented a bunch of redirects, e.g.
Redirect permanent /appname http://example.domain.com:30000/
which works semi-nicely when accessing the UIs via the Firefox browser, e.g. example.domain.com/appname. This does change the URL in the user's address bar but I can live with that. The problem with this is that some clients don't automatically redirect to http://example.domain.com:30000/ and instead just present the 301 status code.
Can somebody point me in the right direction, please?
Thanks
Using Apache or nginx, you can just use a virtual server that hides the internal ports. I don't think you need to put in any redirection; you just need to serve a URL to external clients from a virtual server on :80 whose backend upstream nodes are your internal nodes, with node ports.
You can find easy and better examples for nginx, HAProxy and others.
Here is an Apache example:
    <VirtualHost *:80>
        ProxyRequests off
        ServerName domain.com
        <Proxy balancer://mycluster>
            # WebHead1
            BalancerMember http://node:NodePort
            # WebHead2
            BalancerMember http://node:NodePort
            # Security: technically we aren't blocking
            # anyone, but this is the place to make
            # those changes.
            Require all granted
            # In this example all requests are allowed.
            # Load Balancer Settings
            # We will be configuring a simple round-robin
            # style load balancer. This means
            # that all webheads take an equal share
            # of the load.
            ProxySet lbmethod=byrequests
        </Proxy>
        # balancer-manager
        # This tool is built into the mod_proxy_balancer
        # module and will allow you to do some simple
        # modifications to the balanced group via a GUI
        # web interface.
        <Location /balancer-manager>
            SetHandler balancer-manager
            # I recommend locking this one down to
            # your office
            Require host example.org
        </Location>
        # Point of Balance
        # This setting allows us to explicitly name
        # the location in the site that we want to be
        # balanced; in this example we will balance "/",
        # or everything in the site.
        ProxyPass /balancer-manager !
        ProxyPass / balancer://mycluster/
    </VirtualHost>
You have to redirect HTTP traffic from port 80 (which is standard) to your NodePort.
For example:
    sudo iptables -t nat -A OUTPUT -o lo -p tcp --dport 80 -j REDIRECT --to-port 30000
After seeing Ijaz's answer I was able to refine my Google search a little and came up with the below:
/etc/hosts
    192.168.100.1 example.domain.com gitlab.domain.com example

    <VirtualHost *:80>
        ServerName gitlab.domain.com
        ProxyPass / http://example.domain.com:30100/
        ProxyPassReverse / http://example.domain.com:30100/
    </VirtualHost>

    systemctl restart httpd dnsmasq
If you navigate to gitlab.domain.com you will be redirected to the correct port (30100).
The downside to this is that one has to have a domain name for every application that I deploy. I would have preferred to do something similar to:
/etc/hosts
    192.168.100.1 example.domain.com example

    <VirtualHost *:80>
        ServerName example.domain.com
        ProxyPass /gitlab http://example.domain.com:30100/
        ProxyPassReverse /gitlab http://example.domain.com:30100/
        ProxyPass /jira http://example.domain.com:30111/
        ProxyPassReverse /jira http://example.domain.com:30111/
    </VirtualHost>
However, when I navigated to example.domain.com/gitlab it would append the correct URL, e.g. the landing page for GitLab is /users/sign_in, so example.domain.com/users/sign_in; however, my browser displayed Not Found. The request URL /users/sign_in was not found on the server.
I couldn't figure out the correct configuration. If anyone has any further thoughts to fix this please let me know.
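
A small configuration check for reverse-proxy vhosts like the ones in the answers above, added here as an example and not written by any of the posters. It flags `ProxyRequests On`, a `balancer-manager` location left open to everyone, `ProxyPass` arguments that disagree on the trailing slash (the Apache documentation asks for both or neither), and `ProxyPass` paths with no `ProxyPassReverse`; the function name and the sample config are constructed for this example.

```python
# Constructed sample, modelled on the vhosts quoted on this page.
SAMPLE = """\
<VirtualHost *:80>
ServerName example.domain.com
ProxyRequests On
ProxyPass /gitlab http://example.domain.com:30100/
ProxyPassReverse /gitlab http://example.domain.com:30100/
ProxyPass /jira/ http://example.domain.com:30111/
<Location /balancer-manager>
SetHandler balancer-manager
Require all granted
</Location>
</VirtualHost>
"""

def lint_proxy_config(text):
    """Return sorted (line_number, message) findings; hypothetical helper."""
    findings, passes, reverses = [], {}, set()
    loc = None  # state of the <Location> block being read, if any
    for no, raw in enumerate(text.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        key, args = words[0].lower(), words[1:]
        low = [a.lower() for a in args]
        if key == "proxyrequests" and low[:1] == ["on"]:
            findings.append((no, "ProxyRequests On enables forward proxying"))
        elif key == "proxypass" and len(args) >= 2 and args[1] != "!":
            passes[args[0]] = no
            # Apache expects both arguments to agree on the trailing slash.
            if args[0].endswith("/") != args[1].endswith("/"):
                findings.append((no, f"trailing slash mismatch: {args[0]} -> {args[1]}"))
        elif key == "proxypassreverse" and args:
            reverses.add(args[0])
        elif key == "<location" and args:
            loc = {"path": args[0].rstrip(">"), "line": no, "bm": False, "open": True}
        elif loc and key == "sethandler":
            loc["bm"] = low[:1] == ["balancer-manager"]
        elif loc and key == "require":
            # Simplification: any Require other than "all granted" counts as a restriction.
            loc["open"] = low[:2] == ["all", "granted"]
        elif loc and key == "</location>":
            if loc["bm"] and loc["open"]:
                findings.append((loc["line"], f"{loc['path']}: balancer-manager has no access restriction"))
            loc = None
    for path, no in passes.items():
        if path not in reverses:
            findings.append((no, f"ProxyPass {path} has no matching ProxyPassReverse"))
    return sorted(findings)

if __name__ == "__main__":
    for no, msg in lint_proxy_config(SAMPLE):
        print(f"line {no}: {msg}")
```

`apachectl configtest` still has to pass separately: this check only looks at the four proxy settings named above and does not validate directive names or syntax.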