nginx 서버 컨테이너는 80번 포트와 443번 포트를 listening 합니다. http로 연결되는 80번 포트로 접근할 경우, https 인 443번 포트로 301 리다이렉션 되게 해야합니다.
페이지는 http 오류만 아니라면 어떻게 보이든 상관없습니다.
이 컨테이너는 /wordpress 경로로 접근하면 IP:WPPORT 로 307 리다이렉트 되어야합니다.
/phpmyadmin 경로로 접근하면 reverse proxy 를 이용해 IP:PMAPORT 로 접근할 수 있어야합니다.
WPPORT : WordPress 포트
PMAPORT : PhpMyAdmin 포트
FROM alpine:3.12.0
RUN apk update \
&& apk --update --no-cache add \
nginx \
openssl
COPY ./nginx.sh /usr/sbin/nginx.sh
RUN chmod +x /usr/sbin/nginx.sh
COPY ./default.conf /etc/nginx/conf.d/
EXPOSE 80 443
ENTRYPOINT ["/usr/sbin/nginx.sh"]
#!/bin/sh
# ssl configuration
mkdir -p /etc/nginx/ssl
openssl req -new -x509 -nodes -newkey rsa:4096 -keyout localhost-nginx.key -out localhost-nginx.crt -days 365 -subj "/C=KR/ST=Seoul/L=Seoul/O=42Seoul/CN=localhost"
mv localhost-nginx.key /etc/nginx/ssl
mv localhost-nginx.crt /etc/nginx/ssl
mkdir -p /run/nginx
echo "<h1>hello FT_SERVICES NGINX INDEX.HTML</h1>" >> /var/www/index.html
/usr/sbin/nginx -g "daemon off;"
# redirect http to https
server {
listen 80 default_server;
listen [::]:80 default_server;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
root /var/www;
index index.html index.php;
server_name _;
ssl_certificate /etc/nginx/ssl/localhost-nginx.crt;
ssl_certificate_key /etc/nginx/ssl/localhost-nginx.key;
location / {
try_files $uri $uri/ =404;
}
# IP:WPPORT 로 307 리다이렉트
location /wordpress {
return 307 http://$host:5050/;
}
# reverse proxy 를 이용해 IP:PMAPORT 로 접근
location /phpmyadmin/ {
proxy_pass http://192.168.99.100:5000/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
}
location /index.php {
return 301 https://$host/phpmyadmin/;
}
}
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
labels:
app: nginx
spec:
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- image: nginx:latest
imagePullPolicy: Never
name: nginx
ports:
- containerPort: 80
- containerPort: 443
---
apiVersion: v1
kind: Service
metadata:
name: nginx
annotations:
metallb.universe.tf/allow-shared-ip: "shared"
labels:
app: nginx
spec:
type: LoadBalancer
loadBalancerIP: 192.168.99.100
selector:
app: nginx
ports:
- name: http
port: 80
protocol: TCP
targetPort: 80
- name: https
port: 443
protocol: TCP
targetPort: 443
#nginx
cd ./srcs/nginx
# "nginx image build"
docker build -t nginx:latest .
# "apply yaml"
kubectl apply -f ./nginx.yaml
hjung님 블로그: https://lecor.tistory.com/72
imagePullPolicy : https://kubernetes.io/ko/docs/concepts/configuration/overview/
레이블과 셀렉터: https://kubernetes.io/ko/docs/concepts/overview/working-with-objects/labels/
Requesting Specific IPs : https://metallb.universe.tf/usage/
307리다이렉션: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/307
https://perfectacle.github.io/2017/10/16/http-status-code-307-vs-308/
daemon: https://roseline124.github.io/kuberdocker/2019/07/24/docker-study05.html