/ DOCS
nav-img
Advanced

Configuring HTTPS Backend Services for an Nginx Ingress

Ingress can function as a proxy for backend services using different protocols. By default, the backend proxy channel of an ingress is an HTTP channel. To create an HTTPS channel, add the following configuration to the annotations field:

nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"

An ingress configuration example is as follows:

  1. Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
  2. Create a YAML file named ingress-test.yaml. The file name can be customized.

    vi ingress-test.yaml

    For clusters of v1.23 or later:

    apiVersion: networking.k8s.io/v1
    kind: Ingress 
    metadata: 
      name: ingress-test
      namespace: default
      annotations:
        nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    spec:
      tls: 
        - secretName: ingress-test-secret  # Replace it with your TLS key certificate.
      rules:
        - host: ''
          http:
            paths:
              - path: '/'
                backend:
                  service:
                    name: <your_service_name>  # Replace it with the name of your target Service.
                    port:
                      number: <your_service_port>  # Replace it with the port number of your target Service.
                property:
                  ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
                pathType: ImplementationSpecific
      ingressClassName: nginx

    For clusters of v1.21 or earlier:

    apiVersion: networking.k8s.io/v1beta1
    kind: Ingress
    metadata:
      name: ingress-test
      namespace: default
      annotations:
        kubernetes.io/ingress.class: nginx
        nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    spec:
      tls: 
        - secretName: ingress-test-secret  # Replace it with your TLS key certificate.
      rules:
        - host: ''
          http:
            paths:
              - path: '/'
                backend:
                  serviceName: <your_service_name>  # Replace it with the name of your target Service.
                  servicePort: <your_service_port>  # Replace it with the port number of your target Service.

  3. Create an ingress.

    kubectl create -f ingress-test.yaml

    If information similar to the following is displayed, the ingress has been created:

    ingress/ingress-test created

  4. Check the created ingress.

    kubectl get ingress

    If information similar to the following is displayed, the ingress has been created:

    NAME          CLASS   HOSTS     ADDRESS          PORTS   AGE
    ingress-test  nginx   *         121.**.**.**     80      10s

Предыдущая статья
Configuring URL Rewriting Rules for an Nginx Ingress
Следующая статья
Configuring Consistent Hashing for Load Balancing of an Nginx Ingress
Была ли эта статья полезна?
Поддержка Юридические документы
© 2025 Cloud.ru