xiaosage Does kubectl in the toolbox work? If kubectl works, then the failure to connect to this pod may be an image problem. You can try kubectl exec; the default shell is sh. What is your base image?

    wanjunlei
    upstream ksin {
        server 1.1.1.1:30880;
    }

    server {
        listen 80;
        server_name nb.ex.cn;
        rewrite /(.*) https://nb.ex.cn permanent;
    }

    server {
        listen 443;
        server_name nb.ex.cn;
        add_header Strict-Transport-Security “max-age=63072000” always;
        ssl on;
        ssl_certificate /usr/local/nginx/nb.ex.cnpem;
        ssl_certificate_key /usr/local/nginx/nb.ex.cnkey;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers on;

        location / {
            proxy_pass http://ksin;
            proxy_set_header X-Real_IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X_Forward_For $proxy_add_x_forwarded_for;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection ‘upgrade’;
        }
        access_log off;
    }

    This is my nginx configuration.

    hongming It doesn't work either. It is the same error: "Could not connect to the container. Do you have sufficient privileges?"

      xiaosage

      https://www.nginx.com/blog/websocket-nginx/

      Refer to this configuration:

      http {
          map $http_upgrade $connection_upgrade {
              default upgrade;
              '' close;
          }
       
          upstream websocket {
              server 192.168.100.10:8010;
          }
       
          server {
              listen 8020;
              location / {
                  proxy_pass http://websocket;
                  proxy_http_version 1.1;
                  proxy_set_header Upgrade $http_upgrade;
                  proxy_set_header Connection $connection_upgrade;
                  proxy_set_header Host $host;
              }
          }
      }
        proxy_set_header Connection ‘upgrade’;

        These quotes don't look right. Change it to

        proxy_set_header Connection $connection_upgrade;

        You can also first confirm whether it opens normally through the node port.

          5 months later

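          hongming Following this configuration, login keeps reporting "Wrong username or password" with a 401 on the backend, but the same password logs in successfully through the NodePort on the internal IP. It only fails when reverse-proxied to the public network: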

          #nginx
          upstream ksconsole {
              server 192.168.13.28:30880;
          }
          
                  location / {
                      proxy_pass http://ksconsole;
                      proxy_set_header X-Real_IP $remote_addr;
                      proxy_set_header Host $host;
                      proxy_set_header X_Forward_For $proxy_add_x_forwarded_for;
                      proxy_http_version 1.1;
                      proxy_set_header Upgrade $http_upgrade;
                      proxy_set_header Connection $connection_upgrade;
                  }
            <-- POST /login 2020/10/28T07:36:11.897
          Unauthorized P {
            size: 0,
            timeout: 0,
            [Symbol(Body internals)]:
             { body:
                PassThrough {
                  _readableState: [Object],
                  readable: false,
                  domain: null,
                  _events: [Object],
                  _eventsCount: 4,
                  _maxListeners: undefined,
                  _writableState: [Object],
                  writable: false,
                  allowHalfOpen: true,
                  _transformState: [Object] },
               disturbed: true,
               error: null },
            [Symbol(Response internals)]:
             { url: 'http://ks-apigateway.kubesphere-system.svc/kapis/iam.kubesphere.io/v1alpha2/login',
               status: 401,
               statusText: 'Unauthorized',
               headers: C { [Symbol(map)]: [Object] } } } false
          { code: 401,
            message: 'LDAP Result Code 49 "Invalid Credentials": ',
            statusText: 'Unauthorized' }
            --> POST /login 200 39ms 16.15kb 2020/10/28T07:36:11.936
            <-- GET /kapis/monitoring.kubesphere.io/v1alpha2/namespaces/tfsmy-springboot/pods?ownerKind=Deployment&ownerName=commercial-house-api&resources_filter=commercial-house-api-76df6f7896-ldsht%24&metrics_filter=pod_cpu_usage%7Cpod_memory_usage_wo_cache%24 2020/10/28T07:36:12.812

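            rysinal The configuration looks fine, but the log shows 'LDAP Result Code 49 "Invalid Credentials"'. Could the browser have auto-filled the username and password? Try both the NodePort and the nginx proxy at the same time; capturing packets can also help locate the problem.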

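              hongming In the end I used a TCP proxy (the stream module) and was able to get in.
              The reverse proxy used the HTTP protocol; I don't know whether it is related to the LDAP authorization scope.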
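
As an added example (not posted by anyone in this thread and not KubeSphere's own configuration), the first nginx configuration above can be written as follows, with straight quotes, the `$connection_upgrade` map from the linked NGINX article defined, and the legacy TLS settings (`ssl on;`, TLSv1/TLSv1.1, the `+LOW:+SSLv2:+EXP` cipher string) replaced. The certificate paths are placeholders, the `X-Real-IP` / `X-Forwarded-For` spellings are the conventional header names rather than the ones posted, and TLSv1.3 assumes an nginx/OpenSSL build that supports it.

```nginx
# Added example. Place inside the http { } context.
# Upstream address and server_name are taken from the thread;
# certificate paths are placeholders.

# Send "Connection: upgrade" upstream only when the client asked for an
# upgrade (the web terminal's WebSocket); otherwise send "close".
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

upstream ksin {
    server 1.1.1.1:30880;          # console NodePort
}

server {
    listen 80;
    server_name nb.ex.cn;
    # Redirect to HTTPS and keep the requested path and query string.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;                # replaces the deprecated "ssl on;"
    server_name nb.ex.cn;

    ssl_certificate     /path/to/placeholder-cert.pem;
    ssl_certificate_key /path/to/placeholder-key.pem;
    ssl_session_timeout 5m;

    # No SSLv2/TLSv1/TLSv1.1, no EXPORT/LOW/RC4 suites.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;

    add_header Strict-Transport-Security "max-age=63072000" always;

    location / {
        proxy_pass http://ksin;
        proxy_http_version 1.1;    # required for the Upgrade handshake
        proxy_set_header Host            $host;
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade         $http_upgrade;
        proxy_set_header Connection      $connection_upgrade;
    }
}
```

Run `nginx -t` after editing: a `$connection_upgrade` reference without the `map` block, or curly quotes pasted from a web page, is reported there before the reload.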