ingress-nginx icon indicating copy to clipboard operation
ingress-nginx copied to clipboard

Published 20 hours ago verified publisher icon kubernetes

location priority with rewrite-target

Open elopsod opened this issue 11 months ago • 8 comments

What happened: hi
we have next config

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-nginx
spec:
  selector:
    matchLabels:
      run: my-nginx
  replicas: 1
  template:
    metadata:
      labels:
        run: my-nginx
    spec:
      containers:
      - name: my-nginx
        image: elopsod/echo-server:0.1.0
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: my-nginx
  labels:
    run: my-nginx
spec:
  ports:
  - port: 80
    targetPort: 8080
    protocol: TCP
  selector:
    run: my-nginx
---
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: my-nginx
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
  ingressClassName: nginx
  rules:
    - host: test-depl.example.com
      http:
        paths:
          - path: /(.*)
            pathType: Prefix
            backend:
              service:
                name: my-nginx
                port:
                  number: 80
---
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: my-ws
spec:
  ingressClassName: nginx
  rules:
    - host: test-depl.example.com
      http:
        paths:
          - path: /ws/
            pathType: Prefix
            backend:
              service:
                name: my-ws
                port:
                  number: 80
          - path: /test/
            pathType: Prefix
            backend:
              service:
                name: my-ws
                port:
                  number: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-ws
spec:
  selector:
    matchLabels:
      run: my-ws
  replicas: 1
  template:
    metadata:
      labels:
        run: my-ws
    spec:
      containers:
      - name: my-ws
        image: ghcr.io/mendhak/http-https-echo:31
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: my-ws
  labels:
    run: my-ws
spec:
  ports:
  - port: 80
    targetPort: 8080
    protocol: TCP
  selector:
    run: my-ws

1) https://test-depl.example.com/               work as expected
2) https://test-depl.example.com/just           work as expected
3) https://test-depl.example.com/test/pth       work as expected
4) https://test-depl.example.com/ws/pth         error
  1. https://test-depl.example.com/ work as expected

image

  1. https://test-depl.example.com/just work as expected image

  2. https://test-depl.example.com/test/pth work as expected image

  3. https://test-depl.example.com/ws/pth response should same as for 3 (https://test-depl.example.com/test/pth), but got same as 1, 4 image

What you expected to happen: for option 4 should be same response as option 3

something with location priority

Environment:

  • Cloud provider or hardware configuration: AWS EKS

NGINX Ingress controller version (exec into the pod and run nginx-ingress-controller --version.):

NGINX Ingress controller
  Release:       v1.9.4
  Build:         846d251814a09d8a5d8d28e2e604bfc7749bcb49
  Repository:    https://github.com/kubernetes/ingress-nginx
  nginx version: nginx/1.21.6

Kubernetes version (use kubectl version):

Server Version: v1.28.5-eks-5e0fdde

elopsod avatar Mar 07 '24 18:03 elopsod

This issue is currently awaiting triage.

If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot avatar Mar 07 '24 18:03 k8s-ci-robot

/remove-kind bug

You can look at 3 pieces of info ;

  • the file nginx.conf inside the controller pod and look at the related block
  • the logs of the controller pod for the http request
  • the relevance of your requested path in context of the ingress rules

Since you have not posted any useful info other than the version of the controller, there is no data to analyse and make helpful comments

You can answer the questions that are asked in the template of a new bug report to help out

/triage needs-information

longwuyuan avatar Mar 08 '24 10:03 longwuyuan

hi nginx.conf in attachments nginx.zip

elopsod avatar Mar 08 '24 14:03 elopsod

@elopsod posting a nginx.conf does not help as much as needed, or make it easy, to make comments based on data.

  • See my comments earlier
  • Read the questions that are asked in a new bug-report template
  • Edit your issue description
  • Provide answers to the questions asked
  • Ensure to include kubectl describe output for all ingress resources
  • Ensure to include complete curl command and output with -v
  • Ensure to post logs of the controller pod

Also read docs and check the ingress config and nginx.conf yourself . For example if you have one ingress with path as / and pathType as prefix, then that rule matches all and every request, if the hostname is same on all ingresses

longwuyuan avatar Mar 08 '24 16:03 longwuyuan

Another example of good data to do some analysis, is lack of detailed explainaing.

I may be wrong so please correct me if I am. But I see lack of explaining for a rewrite rule, where the rewrite destination is $1 and the path has only 1 regexp group.

If destination is $1 and the path only has 1 regexp group, then the requested path and the rewritten path are the same. So why do you want to re-write if source and destination are same. Enable rewrite logs and check this

longwuyuan avatar Mar 08 '24 16:03 longwuyuan

hi sorry for lack of detailed explainaing, more details are below:

based on the configuration above, the routing should look like this

1) https://test-depl.example.com/               should be proxied to upstream 1
2) https://test-depl.example.com/just           should be proxied to upstream 1
3) https://test-depl.example.com/test/pth       should be proxied to upstream 2
4) https://test-depl.example.com/ws/pth         should be proxied to upstream 2

in fact the routing looks like this

1) https://test-depl.example.com/               proxied do upstream 1
2) https://test-depl.example.com/just           proxied do upstream 1
3) https://test-depl.example.com/test/pth       proxied do upstream 2
4) https://test-depl.example.com/ws/pth         proxied do UPSTREAM 1 (error here)

the config for "https://test-depl.example.com/test/pth" and "https://test-depl.example.com/ws/pth" looks like this

kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: my-ws
spec:
  ingressClassName: nginx
  rules:
    - host: test-depl.example.com
      http:
        paths:
          - path: /ws/
            pathType: Prefix
            backend:
              service:
                name: my-ws
                port:
                  number: 80
          - path: /test/
            pathType: Prefix
            backend:
              service:
                name: my-ws
                port:
                  number: 80

as you can see the only difference is the path field. but routing occurs on different upstreams

elopsod avatar Mar 14 '24 11:03 elopsod

by the way if you change path: /ws/ to path: /foo/ - everything works as expected perhaps this is due to the order of location nginx.zip

cat /tmp/nginx.conf | grep 'location '
		location ~* "^/test/" {
		location ~* "^/test/" {
		location ~* "^/(.*)" {
		location ~* "^/ws/" {
		location ~* "^/ws/" {
		location ~* "^/" {
		location / {

elopsod avatar Mar 14 '24 15:03 elopsod

This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach #ingress-nginx-dev on Kubernetes Slack.

github-actions[bot] avatar Apr 14 '24 02:04 github-actions[bot]