I have my assets on s3 and my service is deployed on kubernetes. Is it possible to define proxy pass in nginx-ingress. My current nginx proxy_pass assets to s3 and I want to replicate in kubernetes.
location /assets/ {
proxy_pass https://s3.ap-south-1.amazonaws.com;
}
I tried this but its not working
nginx.ingress.kubernetes.io/server-snippet: |
location /assets/ {
proxy_pass https://s3.ap-south-1.amazonaws.com/assets/;
}
You can use proxy_pass
in Ingress as in normal Nginx.
So if you have some local or public HTTP/HTTPS service which is outside of Kubernetes cluster and you want to serve this through Ingress, you just need this:
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: owncloud
namespace: default
annotations:
kubernetes.io/ingress.class: nginx
ingress.kubernetes.io/ssl-redirect: "true"
ingress.kubernetes.io/secure-backends: "true"
ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/server-snippet: |
location ~ "^/(.*)" {
proxy_pass http://192.168.250.100:8260;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
}
spec:
rules:
- host: owncloud.example.com
tls:
- hosts:
- owncloud.example.com
secretName: owncloud-example-tls
Remove ssl
, secure
, X-Forwarded-Proto
and tls
bits if you don't need HTTPS
You can add more location blocks such as ~ "^/api/(.*)"
so it works as normal Nginx
It will retain domain name so for instance in browser's address bar you will have original one. In case you need to do a full redirect, start experimenting with proxy_set_header Host $host;
removal
Hope that helps someone
You can try to use service of type ExternalName here like that:
kind: Service
apiVersion: v1
metadata:
name: s3-ap-south
spec:
type: ExternalName
externalName: s3.ap-south-1.amazonaws.com
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: s3-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
spec:
rules:
- host: YOUR_HOSTNAME
http:
paths:
- backend:
serviceName: s3-ap-south
servicePort: 443