如图,这个问题要怎么查,看什么日志呢?"

  • xiaosage

    https://www.nginx.com/blog/websocket-nginx/

    参照这个配置

    http {
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }
 
    upstream websocket {
        server 192.168.100.10:8010;
    }
 
    server {
        listen 8020;
        location / {
            proxy_pass http://websocket;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header Host $host;
        }
    }
}

    Could not connect to the container. Do you have sufficient privileges?
    然后界面终端显示这个错误

    论坛里搜一下 “Do you have sufficient privileges”,有人遇到这个问题

      xiaosage 工具箱里的 kubectl 可以用吗?如果kubectl 可以用,那这个pod无法连接可能是镜像的问题, 你可以用kubectl exec 试试,默认的shell 是 sh ,你的base image 是什么呢。

          wanjunlei
          `upstream ksin {
          server 1.1.1.1:30880;
          }

          server {
          listen 80;
          server_name nb.ex.cn;
          rewrite /(.*) https://nb.ex.cn permanent;
          }

          server {
          listen 443;
          server_name nb.ex.cn;
          add_header Strict-Transport-Security “max-age=63072000” always;
          ssl on;
          ssl_certificate /usr/local/nginx/nb.ex.cnpem;
          ssl_certificate_key /usr/local/nginx/nb.ex.cnkey;
          ssl_session_timeout 5m;
          ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
          ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
          ssl_prefer_server_ciphers on;

              location / {
            proxy_pass http://ksin;
              proxy_set_header X-Real_IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X_Forward_For $proxy_add_x_forwarded_for;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection ‘upgrade’;
    }
    access_log off;

          }`

          这是我的ng配置

            hongming 也是不可用的。也是 Could not connect to the container. Do you have sufficient privileges?的错误

                xiaosage

                https://www.nginx.com/blog/websocket-nginx/

                参照这个配置

                http {
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }
 
    upstream websocket {
        server 192.168.100.10:8010;
    }
 
    server {
        listen 8020;
        location / {
            proxy_pass http://websocket;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header Host $host;
        }
    }
}
                    proxy_set_header Connection ‘upgrade’;

                    这个引号不太对吧,改成

                    proxy_set_header Connection $connection_upgrade;

                    你也可以先确认一下,通过node port可不可以正常打开

                      6 个月 后

                      hongming 我按照这个配置在登录的时候一直报" 用户名或密码错误" 后台401,但是同样的密码可以用内网IP通过nodeport登录成功,反代到外网就不行:

                      #nginx
upstream ksconsole {
    server 192.168.13.28:30880;
}

        location / {
            proxy_pass http://ksconsole;
            proxy_set_header X-Real_IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X_Forward_For $proxy_add_x_forwarded_for;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
        }
                        <-- POST /login 2020/10/28T07:36:11.897
Unauthorized P {
  size: 0,
  timeout: 0,
  [Symbol(Body internals)]:
   { body:
      PassThrough {
        _readableState: [Object],
        readable: false,
        domain: null,
        _events: [Object],
        _eventsCount: 4,
        _maxListeners: undefined,
        _writableState: [Object],
        writable: false,
        allowHalfOpen: true,
        _transformState: [Object] },
     disturbed: true,
     error: null },
  [Symbol(Response internals)]:
   { url: 'http://ks-apigateway.kubesphere-system.svc/kapis/iam.kubesphere.io/v1alpha2/login',
     status: 401,
     statusText: 'Unauthorized',
     headers: C { [Symbol(map)]: [Object] } } } false
{ code: 401,
  message: 'LDAP Result Code 49 "Invalid Credentials": ',
  statusText: 'Unauthorized' }
  --> POST /login 200 39ms 16.15kb 2020/10/28T07:36:11.936
  <-- GET /kapis/monitoring.kubesphere.io/v1alpha2/namespaces/tfsmy-springboot/pods?ownerKind=Deployment&ownerName=commercial-house-api&resources_filter=commercial-house-api-76df6f7896-ldsht%24&metrics_filter=pod_cpu_usage%7Cpod_memory_usage_wo_cache%24 2020/10/28T07:36:12.812

                          rysinal 看配置没什么问题,不过看日志是'LDAP Result Code 49 "Invalid Credentials" 是不是账号密码被浏览器自动填充了?,同时用nodePort 和 nginx 代理试试, 抓下包也可以定位问题

                              hongming 最后使用了tcp代理(stream模块)可以进去了。
                              反代使用的http协议,不知道是不是跟LDAP的授权作用域有关

                                商业产品与合作咨询