Tetap teratur dengan koleksi
Simpan dan kategorikan konten berdasarkan preferensi Anda.
Anda dapat mengamankan gateway ingress dengan HTTPS menggunakan TLS sederhana, dan mengaktifkan koneksi HTTPS ke halaman web tertentu. Selain itu, Anda dapat mengalihkan koneksi HTTP ke HTTPS.
HTTPS membuat saluran aman melalui jaringan yang tidak aman, melindungi dari serangan man-in-the-middle, dan mengenkripsi traffic antara klien dan server. Untuk menyiapkan server web agar dapat menerima koneksi HTTPS, administrator harus membuat sertifikat kunci publik untuk server. Sertifikat ini harus ditandatangani oleh certificate authority tepercaya agar browser web dapat menerimanya tanpa peringatan.
Edit gateway bernama external-gateway di namespace kf menggunakan editor Kubernetes bawaan:
kubectl edit gateway -n kf external-gateway
Dengan asumsi Anda memiliki sertifikat dan kunci untuk layanan, buat secret Kubernetes untuk gateway ingress. Pastikan nama secret tidak diawali dengan istio atau prometheus. Untuk contoh ini, secret diberi nama myapp-https-credential.
Di bagian servers:
Tambahkan bagian untuk port 443.
Di bagian tls:, tetapkan credentialName ke nama secret yang baru saja Anda buat.
Di bagian hosts:, tambahkan nama host layanan yang ingin Anda amankan dengan HTTPS. Ini dapat ditetapkan ke seluruh domain menggunakan karakter pengganti (misalnya, *.example.com) atau dicakupkan hanya ke satu nama host (misalnya, myapp.example.com).
Seharusnya sudah ada bagian di bagian servers: untuk HTTP port 80. Simpan bagian ini dalam definisi Gateway jika Anda ingin semua traffic masuk sebagai HTTP.
Untuk mengalihkan HTTP ke HTTPS, tambahkan nilai httpsRedirect: true di bagian tls di bagian server HTTP. Lihat dokumentasi Istio Gateway untuk referensi. Perhatikan bahwa menambahkannya di bagian tempat hosts ditetapkan ke * berarti semua traffic dialihkan ke HTTPS. Jika Anda hanya ingin mengalihkan HTTP ke HTTPS untuk satu aplikasi/domain, tambahkan bagian HTTP terpisah yang menentukan pengalihan.
Di bawah ini adalah contoh spec Gateway yang menyiapkan HTTPS untuk myapp.example.com dan mengalihkan HTTP ke HTTPS untuk host tersebut:
[[["Mudah dipahami","easyToUnderstand","thumb-up"],["Memecahkan masalah saya","solvedMyProblem","thumb-up"],["Lainnya","otherUp","thumb-up"]],[["Sulit dipahami","hardToUnderstand","thumb-down"],["Informasi atau kode contoh salah","incorrectInformationOrSampleCode","thumb-down"],["Informasi/contoh yang saya butuhkan tidak ada","missingTheInformationSamplesINeed","thumb-down"],["Masalah terjemahan","translationIssue","thumb-down"],["Lainnya","otherDown","thumb-down"]],["Terakhir diperbarui pada 2025-09-04 UTC."],[],[],null,["# Setting up HTTPS Ingress\n\nYou can secure the ingress gateway with HTTPS by using simple TLS, and enable HTTPS connections to specific webpages. In addition, you can redirect HTTP connections to HTTPS.\n\nHTTPS creates a secure channel over an insecure network, protecting against man-in-the-middle attacks and encrypting traffic between the client and server. To prepare a web server to accept HTTPS connections, an administrator must create a public key certificate for the server. This certificate must be signed by a trusted certificate authority for a web browser to accept it without warning.\n| **Note:** These instructions supplement the Istio instructions to [configure a TLS ingress gateway](https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress), and assume that a valid certificate and private key for the server have already been created.\n\nEdit the gateway named external-gateway in the `kf` namespace using the built-in Kubernetes editor: \n\n```\nkubectl edit gateway -n kf external-gateway\n```\n\n1. Assuming you have a certificate and key for your service, create a Kubernetes secret for the ingress gateway. Make sure the secret name does not begin with `istio` or `prometheus`. For this example, the secret is named `myapp-https-credential`.\n2. Under `servers:`\n 1. Add a section for port 443.\n 2. Under `tls:`, set the `credentialName` to the name of the secret you just created.\n 3. Under `hosts:`, add the host name of the service you want to secure with HTTPS. This can be set to an entire domain using a wildcard (e.g. `*.example.com`) or scoped to just one hostname (e.g. `myapp.example.com`).\n3. There should already be a section under `servers:` for port 80 HTTP. Keep this section in the Gateway definition if you would like all traffic to come in as HTTP.\n4. To redirect HTTP to HTTPS, add the value `httpsRedirect: true` under `tls` in the HTTP server section. See the [Istio Gateway documentation](https://istio.io/latest/docs/reference/config/networking/gateway/) for reference. Note that adding this in the section where `hosts` is set to `*` means that **all** traffic is redirected to HTTPS. If you only want to redirect HTTP to HTTPS for a single app/domain, add a separate HTTP section specifying the redirect.\n\nShown below is an example of a Gateway `spec` that sets up HTTPS for `myapp.example.com` and redirects HTTP to HTTPS for that host: \n\n spec:\n selector:\n istio: ingressgateway\n servers:\n - hosts:\n - myapp.example.com\n port:\n name: https\n number: 443\n protocol: HTTPS\n tls:\n credentialName: myapp-https-credential\n mode: SIMPLE\n - hosts:\n - myapp.example.com\n port:\n name: http-my-app\n number: 80\n protocol: HTTP\n tls:\n httpsRedirect: true\n - hosts:\n - '*'\n port:\n name: http\n number: 80\n protocol: HTTP"]]