K
Q

ingress nginx - proxy to external URL

8/6/2021

I search (since many days ...) How to use Ingress Nginx in order to use External url as backend.

Yes I use Service object with externalName. I also test many many directive in nginx without succes...

The goal is simple:

  • user can resolv and join only my public URL (url-public.com & url-public-2.com)
  • I want to send request to external backend than is out of my control and cluster (url-ext.com)

My ingress can resolv url-ext.com, user cannot. Of course, url-ext.com have here proper certificat and is expose as HTTPS ;). Nota : My ingress expose 2 url, but I don't think this is important.

My Code :

Service : 

kind: Service
apiVersion: v1
metadata:
  name: external-eip
  namespace: external-url
spec:
  type: ExternalName
  externalName: url-ext.com

Ingress : 

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: external-eip
  namespace: external-url
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/upstream-vhost: "url-ext.com"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      #      more_clear_input_headers "Host" "X-Forwarded-Host";
      more_set_input_headers 'Host: url-ext.com';
      proxy_set_header Host url-ext.com;

spec:
  rules:
  - host: url-public.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: external-eip
            port:
              number: 443
  - host: url-public-2.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: external-eip
            port:
              number: 443

Result (curl or Browser access ) :

<html>
<head><title>504 Gateway Time-out</title></head>
<body>
<center><h1>504 Gateway Time-out</h1></center>
<hr><center>nginx</center>
</body>
</html>

And Ingress Log : 

2021/08/06 21:44:45 [error] 10873#10873: *2914631 upstream timed out (110: Operation timed out) while connecting to upstream, client: 10.203.65.14, server: url-public.com, request: "GET / HTTP/2.0", upstream: "https://10.203.64.5:443/", host: "url-ext.com"

10.203.64.5 is the real IP of url-ext.com.

And, curl https://10.203.64.5:443/ -k -v -H "Host: url-ext.com" work.

Don't ask me "why using this annotation", I don't know :p many Google search and many test ...

So, what is the correct ingress configuration for using externalName, when this externalName is (probably) under RP also ?

Nota : Rewrite and other redirect not work, because it rewrite user location and I don't want it. User canno't acces and resolv url-ext.com, only url-public.com.

Br, Thanks

-- TIPA Sylvaire-Kevin
kubernetes
nginx
nginx-ingress

Similar Questions

mutual TLS based on specific IP
How to create a Kubernetes YAML deployment object using bash only (no editor)?
How do I set up a hook to send an email on Kubernetes pod restart?
Worker Node relation to Master Node?
GKE not recognising jfrog docker image

1 Answer

8/8/2021

Reply to mySelf. The probléme was than my Ingress (and all my K8S cluster) is under HTTP Squid proxy.

I have mount all env variable for proxy but it's seems than Ingress container don't use it ...

So, for working, I juste allow my cluster to outbound 80/443 ports to need destination.

You juste need this annotation : 

    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/upstream-vhost: "url-ext.com"

But, if any of you know how to say to my ingress "use my Http proxy" ? I will need it.

br

-- TIPA Sylvaire-Kevin
Source: StackOverflow