SSL/TLS 示例
此页面提供 SSL/TLS 配置的示例。
基本 HTTPS 配置
yaml
version: v1
port: 8080
https:
port: 8443
ssl:
- domain: example.com
cert:
certificate: /etc/ssl/example.com/fullchain.pem
certificate_key: /etc/ssl/example.com/privkey.pem多域名
yaml
version: v1
port: 8080
https:
port: 8443
ssl:
- domain: example.com
cert:
certificate: /etc/ssl/example.com/fullchain.pem
certificate_key: /etc/ssl/example.com/privkey.pem
- domain: api.example.com
cert:
certificate: /etc/ssl/api.example.com/fullchain.pem
certificate_key: /etc/ssl/api.example.com/privkey.pem
- domain: admin.example.com
cert:
certificate: /etc/ssl/admin.example.com/fullchain.pem
certificate_key: /etc/ssl/admin.example.com/privkey.pemLet's Encrypt 证书
yaml
version: v1
port: 8080
https:
port: 8443
ssl:
- domain: example.com
cert:
certificate: /etc/letsencrypt/live/example.com/fullchain.pem
certificate_key: /etc/letsencrypt/live/example.com/privkey.pem带后端服务的 HTTPS
yaml
version: v1
port: 8080
https:
port: 8443
ssl:
- domain: example.com
cert:
certificate: /etc/ssl/example.com/fullchain.pem
certificate_key: /etc/ssl/example.com/privkey.pem
rules:
- host: example.com
backend:
service:
name: backend-service
port: 8080
protocol: http # 后端使用 HTTP,TLS 在 Ingress 终止HTTP 到 HTTPS 重定向
yaml
version: v1
port: 8080
https:
port: 8443
ssl:
- domain: example.com
cert:
certificate: /etc/ssl/example.com/fullchain.pem
certificate_key: /etc/ssl/example.com/privkey.pem
rules:
- host: example.com
backend:
redirect:
url: https://example.com
permanent: true测试
HTTPS 请求
bash
curl https://example.com:8443/api验证证书
bash
openssl s_client -connect example.com:8443 -servername example.com证书重新加载
更新证书后,重新加载配置:
bash
kill -HUP $(cat /tmp/gozoox.ingress.pid)