我参考官方文档,在web页面安装kubesphere router,基本没有自定义内容,服务无法启动。
查看容器日志,发现如下报错,最后两行显示nginx配置错误。
---—————————————————————————-
Error: exit status 1
2025/02/07 02:38:52 [warn] 51#51: the “http2_max_field_size” directive is obsolete, use the “large_client_header_buffers” directive instead in /tmp/nginx-cfg736704852:143
nginx: [warn] the “http2_max_field_size” directive is obsolete, use the “large_client_header_buffers” directive instead in /tmp/nginx-cfg736704852:143
2025/02/07 02:38:52 [warn] 51#51: the “http2_max_header_size” directive is obsolete, use the “large_client_header_buffers” directive instead in /tmp/nginx-cfg736704852:144
nginx: [warn] the “http2_max_header_size” directive is obsolete, use the “large_client_header_buffers” directive instead in /tmp/nginx-cfg736704852:144
2025/02/07 02:38:52 [warn] 51#51: the “http2_max_requests” directive is obsolete, use the “keepalive_requests” directive instead in /tmp/nginx-cfg736704852:145
nginx: [warn] the “http2_max_requests” directive is obsolete, use the “keepalive_requests” directive instead in /tmp/nginx-cfg736704852:145
2025/02/07 02:38:52 [emerg] 51#51: location “/demo1” is outside location “/demo/” in /tmp/nginx-cfg736704852:691
nginx: [emerg] location “/demo1” is outside location “/demo/” in /tmp/nginx-cfg736704852:691
nginx: configuration file /tmp/nginx-cfg736704852 test failed
---—————————————————————————-
nginx-cfg736704852内容如下,第691行中,location块中嵌套了另外一个location,导致nginx配置错误。
## start server jvmtest.test.192.168.70.42.nip.io
server {
server_name jvmtest.test.192.168.70.42.nip.io ;
listen 80 ;
listen 443 ssl http2 ;
set $proxy_upstream_name "-";
ssl_certificate_by_lua_block {
certificate.call()
}
location /demo/ {
set $namespace "test";
set $ingress_name "ngtest";
set $service_name "jvmtest";
set $service_port "8080";
set $location_path "/demo";
set $global_rate_limit_exceeding n;
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = true,
force_no_ssl_redirect = false,
preserve_trailing_slash = false,
use_port_in_redirects = false,
global_throttle = { namespace = "", limit = 0, window_size = 0, key = { }, ignored_cidrs = { } },
})
balancer.rewrite()
plugins.run()
}
# be careful with \`access_by_lua_block\` and \`satisfy any\` directives as satisfy any
# will always succeed when there's \`access_by_lua_block\` that does not have any lua code doing \`ngx.exit(ngx.DECLINED)\`
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
plugins.run()
}
log_by_lua_block {
balancer.log()
monitor.call()
plugins.run()
}
port_in_redirect off;
set $balancer_ewma_score -1;
set $proxy_upstream_name "test-jvmtest-8080";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
client_max_body_size 1m;
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Forwarded-Scheme $pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 5s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering off;
proxy_buffer_size 4k;
proxy_buffers 4 4k;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
location /demo1 {
proxy_pass http://192.168.71.164:9005;
}
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
我在文档中没看到kubesphere router是通过什么来配置nginx服务的,不确定这是一个bug,还是跟其他服务的配置文件相关。哪位大神帮忙看一眼这个问题的原因,怎么解决,谢谢。
