{"id":749,"date":"2020-08-29T10:05:49","date_gmt":"2020-08-29T02:05:49","guid":{"rendered":"https:\/\/www.linuxdevops.cn\/?p=749"},"modified":"2020-08-29T10:35:12","modified_gmt":"2020-08-29T02:35:12","slug":"configure-mutual-authentication-for-ingress-nginx-mtls","status":"publish","type":"post","link":"https:\/\/www.linuxdevops.cn\/2020\/08\/configure-mutual-authentication-for-ingress-nginx-mtls\/","title":{"rendered":"\u4e3a Ingress-nginx \u914d\u7f6e\u53cc\u5411\u8ba4\u8bc1**mtls**"},"content":{"rendered":"\n<p>\u9996\u5148\u4ec0\u4e48\u662f mtls \uff08\u53cc\u5411\u8ba4\u8bc1\uff09\uff1f\u5b83\u662f\u4e00\u4e2a\u8fc7\u7a0b\uff0c\u5728\u8fd9\u4e2a\u8fc7\u7a0b\u4e2d\uff0c\u5ba2\u6237\u673a\u548c\u670d\u52a1\u5668\u90fd\u901a\u8fc7\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u5f7c\u6b64\u9a8c\u8bc1\u8eab\u4efd\u3002 \u76f8\u4fe1 tls \u5927\u5bb6\u90fd\u6bd4\u8f83\u719f\u6089\uff0c\u5c31\u662f server \u7aef\u63d0\u4f9b\u4e00\u4e2a\u6388\u4fe1\u8bc1\u4e66\uff0c\u5f53\u6211\u4eec\u4f7f\u7528 https \u534f\u8bae\u8bbf\u95eeserver\u7aef\u65f6\uff0cclient \u4f1a\u5411 server \u7aef\u7d22\u53d6\u8bc1\u4e66\u5e76\u8ba4\u8bc1\uff08\u6d4f\u89c8\u5668\u4f1a\u4e0e\u81ea\u5df1\u7684\u6388\u4fe1\u57df\u5339\u914d\u6216\u5f39\u51fa\u4e0d\u5b89\u5168\u7684\u9875\u9762\uff09\u3002 mtls \u5219\u662f\u7531\u540c\u4e00\u4e2a root ca \u751f\u6210\u4e24\u5957\u8bc1\u4e66\uff0c\u5373\u5ba2\u6237\u7aef\u8bc1\u4e66\u548c\u670d\u52a1\u7aef\u8bc1\u4e66\u3002\u5ba2\u6237\u7aef\u4f7f\u7528 https \u8bbf\u95ee\u670d\u52a1\u7aef\u65f6\uff0c\u53cc\u65b9\u4f1a\u4ea4\u6362\u8bc1\u4e66\uff0c\u5e76\u8fdb\u884c\u8ba4\u8bc1\uff0c\u8ba4\u8bc1\u901a\u8fc7\u65b9\u53ef\u901a\u4fe1\u3002<\/p>\n\n\n\n<p><strong>\u8bc1\u4e66\u751f\u6210<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>\u8bc1\u4e66\u683c\u5f0f\u7c7b\u578b<\/strong><\/h3>\n\n\n\n<p>\u8bc1\u4e66\u4e3b\u8981\u7684\u683c\u5f0f\u6709\u4ee5\u4e0b\u51e0\u79cd<\/p>\n\n\n\n<ul><li>.DER .CER\uff0c\u6587\u4ef6\u662f\u4e8c\u8fdb\u5236\u683c\u5f0f\uff0c\u53ea\u4fdd\u5b58\u8bc1\u4e66\uff0c\u4e0d\u4fdd\u5b58\u79c1\u94a5\u3002Java \u548c Windows \u670d\u52a1\u5668\u504f\u5411\u4e8e\u4f7f\u7528\u8fd9\u79cd\u7f16\u7801\u683c\u5f0f\u3002<\/li><li>.PEM\uff0c\u4e00\u822c\u662f\u6587\u672c\u683c\u5f0f\uff0c\u53ef\u4fdd\u5b58\u8bc1\u4e66\uff0c\u53ef\u4fdd\u5b58\u79c1\u94a5\u3002Privacy Enhanced Mail\uff0c\u4e00\u822c\u4e3a\u6587\u672c\u683c\u5f0f\uff0c\u4ee5 \u2014\u2013BEGIN\u2026 \u5f00\u5934\uff0c\u4ee5 \u2014\u2013END\u2026 \u7ed3\u5c3e\u3002\u4e2d\u95f4\u7684\u5185\u5bb9\u662f BASE64 \u7f16\u7801\u3002\u8fd9\u79cd\u683c\u5f0f\u53ef\u4ee5\u4fdd\u5b58\u8bc1\u4e66\u548c\u79c1\u94a5\uff0c\u6709\u65f6\u6211\u4eec\u4e5f\u628aPEM \u683c\u5f0f\u7684\u79c1\u94a5\u7684\u540e\u7f00\u6539\u4e3a .key \u4ee5\u533a\u522b\u8bc1\u4e66\u4e0e\u79c1\u94a5\u3002\u5177\u4f53\u4f60\u53ef\u4ee5\u770b\u6587\u4ef6\u7684\u5185\u5bb9\u3002\u8fd9\u79cd\u683c\u5f0f\u5e38\u7528\u4e8e Apache \u548c Nginx \u670d\u52a1\u5668\u3002<\/li><li>.CRT\uff0cCertificate \u7684\u7b80\u79f0\uff0c\u6709\u53ef\u80fd\u662f PEM \u7f16\u7801\u683c\u5f0f\uff0c\u4e5f\u6709\u53ef\u80fd\u662f DER \u7f16\u7801\u683c\u5f0f\u3002\u53ef\u4ee5\u662f\u4e8c\u8fdb\u5236\u683c\u5f0f\uff0c\u53ef\u4ee5\u662f\u6587\u672c\u683c\u5f0f\uff0c\u4e0e .DER \u683c\u5f0f\u76f8\u540c\uff0c\u4e0d\u4fdd\u5b58\u79c1\u94a5\u3002<\/li><li>.PFX .P12\uff0c\u4e8c\u8fdb\u5236\u683c\u5f0f\uff0c\u540c\u65f6\u5305\u542b\u8bc1\u4e66\u548c\u79c1\u94a5\uff0c\u4e00\u822c\u6709\u5bc6\u7801\u4fdd\u62a4\u3002Predecessor of PKCS#12\uff0c\u8fd9\u79cd\u683c\u5f0f\u662f\u4e8c\u8fdb\u5236\u683c\u5f0f\uff0c\u4e14\u8bc1\u4e66\u548c\u79c1\u94a5\u5b58\u5728\u4e00\u4e2a PFX \u6587\u4ef6\u4e2d\u3002\u4e00\u822c\u7528\u4e8e Windows \u4e0a\u7684 IIS \u670d\u52a1\u5668\u3002\u6539\u683c\u5f0f\u7684\u6587\u4ef6\u4e00\u822c\u4f1a\u6709\u4e00\u4e2a\u5bc6\u7801\u7528\u4e8e\u4fdd\u8bc1\u79c1\u94a5\u7684\u5b89\u5168\u3002<\/li><li>.JKS\uff0c\u4e8c\u8fdb\u5236\u683c\u5f0f\uff0c\u540c\u65f6\u5305\u542b\u8bc1\u4e66\u548c\u79c1\u94a5\uff0c\u4e00\u822c\u6709\u5bc6\u7801\u4fdd\u62a4\u3002Java Key Storage\uff0c\u5f88\u5bb9\u6613\u77e5\u9053\u8fd9\u662f JAVA \u7684\u4e13\u5c5e\u683c\u5f0f\uff0c\u5229\u7528 JAVA \u7684\u4e00\u4e2a\u53eb keytool \u7684\u5de5\u5177\u53ef\u4ee5\u8fdb\u884c\u683c\u5f0f\u8f6c\u6362\u3002\u4e00\u822c\u7528\u4e8e Tomcat \u670d\u52a1\u5668\u3002<\/li><\/ul>\n\n\n\n<p>\/\/ <strong>\u751f\u6210\u6839\u8bc1\u4e66\uff08ROOT CA\uff09<\/strong><\/p>\n\n\n\n<ul><li> openssl genrsa -out ca.pem 2048 <\/li><li> \u751f\u6210\u6839\u8bc1\u4e66\u7684\u5bc6\u5319\u3002 <\/li><li> openssl req -x509 -new -key ca.pem -days 3650 -out ca.crt -subj \"\/C=CN\/ST=SD\/L=JN\/O=WANGFENGCA\/OU=WFCA\/CN=wangfeng.live\"<\/li><\/ul>\n\n\n\n<p>\/\/ <strong>\u751f\u6210 \u670d\u52a1\u7aef\u8bc1\u4e66<\/strong> <\/p>\n\n\n\n<ul><li>openssl genrsa -out server.pem 2048  <\/li><li>\u751f\u6210\u670d\u52a1\u5668\u7aef\u7684\u5bc6\u5319\u3002 <\/li><li> openssl req -new -key server.pem -out server.csr -subj \"\/C=CN\/ST=SD\/L=JN\/O=WANGFENG\/OU=WF\/CN=*.wangfeng.live\"  \u751f\u6210\u670d\u52a1\u5668\u7aef\u8bc1\u4e66\u7684\u8bf7\u6c42\u6587\u4ef6\u3002\u8bf7\u6c42\u6839\u8bc1\u4e66\u6765\u7b7e\u53d1\u3002 <\/li><li> openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.pem -CAcreateserial -days 3650 -out server.crt  <\/li><li>\u7528\u6839\u8bc1\u4e66\u6765\u7b7e\u53d1\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u6587\u4ef6\uff0c\u751f\u6210\u670d\u52a1\u5668\u7aef\u8bc1\u4e66server.crt\u3002<\/li><\/ul>\n\n\n\n<p>\/\/ <strong>\u751f\u6210 \u5ba2\u6237\u7aef\u8bc1\u4e66<\/strong> <\/p>\n\n\n\n<ul><li>openssl genrsa -out client.pem 2048 <\/li><li>\u751f\u6210\u5ba2\u6237\u7aef\u7684\u5bc6\u5319\u3002<\/li><li>openssl req -new -key client.pem -out client.csr -subj \"\/C=CN\/ST=SD\/L=JN\/O=ALIY\/OU=AL\/CN=aliyunrenzheng\" <\/li><li>\u751f\u6210\u5ba2\u6237\u7aef\u8bc1\u4e66\u7684\u8bf7\u6c42\u6587\u4ef6\u3002\u8bf7\u6c42\u6839\u8bc1\u4e66\u6765\u7b7e\u53d1\u3002<\/li><li>openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.pem -CAcreateserial -days 3650 -out client.crt <\/li><li>\u7528\u6839\u8bc1\u4e66\u6765\u7b7e\u53d1\u5ba2\u6237\u7aef\u8bf7\u6c42\u6587\u4ef6\uff0c\u751f\u6210\u5ba2\u6237\u7aef\u8bc1\u4e66client.crt\u3002<\/li><li>openssl pkcs12 -export -in client.crt -inkey client.pem -out client.pkcs12 <\/li><li>\u6253\u5305\u5ba2\u6237\u7aef\u8d44\u6599\u4e3apkcs12\u683c\u5f0f(client.pkcs12)\u3002\u9700\u8981\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8bb0\u4f4f\u3002 \u5bc6\u7801\uff1awangfeng<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">keytool<\/h3>\n\n\n\n<p>keytool \u662f\u4e2a\u5bc6\u94a5\u548c\u8bc1\u4e66\u7ba1\u7406\u5de5\u5177\u3002\u5b83\u4f7f\u7528\u6237\u80fd\u591f\u7ba1\u7406\u81ea\u5df1\u7684<a href=\"https:\/\/baike.baidu.com\/item\/%E5%85%AC%E9%92%A5\">\u516c\u94a5<\/a>\/\u79c1\u94a5\u5bf9\u53ca\u76f8\u5173\u8bc1\u4e66\uff0c\u7528\u4e8e\uff08\u901a\u8fc7<a href=\"https:\/\/baike.baidu.com\/item\/%E6%95%B0%E5%AD%97%E7%AD%BE%E5%90%8D\">\u6570\u5b57\u7b7e\u540d<\/a>\uff09\u81ea\u6211\u8ba4\u8bc1\uff08\u7528\u6237\u5411\u522b\u7684\u7528\u6237\/\u670d\u52a1\u8ba4\u8bc1\u81ea\u5df1\uff09\u6216<a href=\"https:\/\/baike.baidu.com\/item\/%E6%95%B0%E6%8D%AE%E5%AE%8C%E6%95%B4%E6%80%A7\">\u6570\u636e\u5b8c\u6574\u6027<\/a>\u4ee5\u53ca\u8ba4\u8bc1\u670d\u52a1\u3002\u5b83\u8fd8\u5141\u8bb8\u7528\u6237\u50a8\u5b58\u4ed6\u4eec\u7684\u901a\u4fe1\u5bf9\u7b49\u8005\u7684\u516c\u94a5\uff08\u4ee5\u8bc1\u4e66\u5f62\u5f0f\uff09\u3002(\u4e00\u4e0b\u7528\u4e8ejava)<\/p>\n\n\n\n<ul><li>keytool -importkeystore -srckeystore client.jks -destkeystore client.jks -deststoretype pkcs12 <\/li><li>\u751f\u6210\u5ba2\u6237\u7aefkeystore(client.jks)\u3002\u4f7f\u7528keytool\u7684importkeystore\u6307\u4ee4\u3002pkcs12\u8f6cjks\u3002\u9700\u8981pkcs12\u5bc6\u7801\u548cjks\u5bc6\u7801\u3002<\/li><li> keytool -importcert -alias ca -file ca.crt -keystore clienttrust.jks <\/li><li>\u751f\u6210Client\u7aef\u7684\u5bf9\u5916KeyStore\u3002\u5148\u628a\u6839\u8bc1\u4e66\u653e\u5230\u91cc\u9762\u3002<\/li><li> keytool -importcert -alias clientcert -file client.crt -keystore clienttrust.jks <\/li><li>\u628aClient\u8bc1\u4e66\u52a0\u5230\u5bf9\u5916KeyStore\u91cc\u9762\u3002<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>K8s ingress \u914d\u7f6e<\/strong><\/h2>\n\n\n\n<p>\u9996\u5148\u6211\u4eec\u9700\u8981\u5728ingress \u6240\u5728\u7684 namespace \u4e0b\u521b\u5efa\u5bf9\u5e94\u7684 secret<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">kubectl create secret generic ca-secret --from-file=ca.crt=ca.crt<br>kubectl create secret generic tls-secret --from-file=tls.crt=server.crt --from-file=tls.key=server.key<\/pre>\n\n\n\n<p>\u521b\u5efaingress\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">apiVersion: extensions\/v1beta1\nkind: Ingress\nmetadata:\nannotations:\n\u00a0 kubernetes.io\/ingress.class: nginx\n\u00a0 \u00a0# \u5f00\u542f\u5ba2\u6237\u7aef\u8ba4\u8bc1\n\u00a0 nginx.ingress.kubernetes.io\/auth-tls-verify-client: \"on\"\n\u00a0 \u00a0# \u6307\u5b9aroot ca \u7684 secret\n\u00a0 nginx.ingress.kubernetes.io\/auth-tls-secret: \"default\/ca-secret\"\n\u00a0 \u00a0# \u6307\u5b9a\u9a8c\u8bc1\u8bc1\u4e66\u94fe\u7684\u6df1\u5ea6\n\u00a0 nginx.ingress.kubernetes.io\/auth-tls-verify-depth: \"1\"\n\u00a0 \u00a0# \u662f\u5426\u5c06\u8bc1\u4e66\u4f20\u9012\u7ed9\u540e\u7aef\u7684\u670d\u52a1\n\u00a0 nginx.ingress.kubernetes.io\/auth-tls-pass-certificate-to-upstream: \"true\"\nname: test-server\nnamespace: default\nspec:\nrules:\n- host: test.wangfeng.live\n\u00a0 http:\n\u00a0 \u00a0 paths:\n\u00a0 \u00a0 - backend:\n\u00a0 \u00a0 \u00a0 \u00a0 serviceName: test-server\n\u00a0 \u00a0 \u00a0 \u00a0 servicePort: 8080\n\u00a0 \u00a0 \u00a0 path: \/\ntls:\n- hosts:\n\u00a0 - test.wangfeng.live\n\u00a0 secretName: tls-secret<\/pre>\n\n\n\n<p><strong>\u9a8c\u8bc1<\/strong>\uff1a<\/p>\n\n\n\n<p>\u8fd9\u91cc\u6211\u4eec\u968f\u4fbf\u8d77\u4e00\u4e2a nginx \u7684\u670d\u52a1:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">kubectl run my-nginx --image=nginx --replicas=2 --port=80<br>kubectl expose deployment my-nginx --type=NodePort --port=80 --target-port=80<\/pre>\n\n\n\n<p>\u6309\u7167\u4e0a\u8ff0\u914d\u7f6e\uff0c\u521b\u5efa secret\u3001ingress\u3002<\/p>\n\n\n\n<p>\u901a\u8fc7 <code>curl<\/code> \u8bbf\u95ee\u6211\u4eec\u7684\u670d\u52a1 <code>curl -k https:\/\/x.x.x.x\/<\/code>\uff0c\u4f1a\u53d1\u73b0\u8fd4\u56de\u4e86\u4e00\u4e2a 400 \u7684response<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">[root@my ~]# curl -k https:\/\/10.48.51.222\/<br>&lt;html&gt;<br>&lt;head&gt;&lt;title&gt;400 No required SSL certificate was sent&lt;\/title&gt;&lt;\/head&gt;<br>&lt;body&gt;<br>&lt;center&gt;&lt;h1&gt;400 Bad Request&lt;\/h1&gt;&lt;\/center&gt;<br>&lt;center&gt;No required SSL certificate was sent&lt;\/center&gt;<br>&lt;hr&gt;&lt;center&gt;openresty\/1.15.8.1&lt;\/center&gt;<br>&lt;\/body&gt;<br>&lt;\/html&gt;<\/pre>\n\n\n\n<p>\u8fd9\u5c31\u8bf4\u660e\u670d\u52a1\u7aef\u8ba4\u4e3a\u6211\u4eec\u662f\u4e0d\u53ef\u4fe1\u7684\uff0c\u56e0\u4e3a\u6ca1\u6709\u643a\u5e26\u8bc1\u4e66\u3002\u5f53\u6211\u4eec\u643a\u5e26\u8bc1\u4e66\u53bb\u8bbf\u95ee\uff0c<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">curl -k --cert client.pem --key key.pem https:\/\/x.x.x.x<\/pre>\n\n\n\n<p>\/\u5219\u4f1a\u8fd4\u56de\u6b63\u5e38\u9875\u9762\u3002<\/p>\n\n\n\n<p>\u53c2\u8003\uff1a<a href=\"https:\/\/zhuanlan.zhihu.com\/p\/140752944?from_voters_page=true\">https:\/\/zhuanlan.zhihu.com\/p\/140752944?from_voters_page=true<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u9996\u5148\u4ec0\u4e48\u662f mtls \uff08\u53cc\u5411\u8ba4\u8bc1\uff09\uff1f\u5b83\u662f\u4e00\u4e2a\u8fc7\u7a0b\uff0c\u5728\u8fd9\u4e2a\u8fc7\u7a0b\u4e2d\uff0c\u5ba2\u6237\u673a\u548c\u670d\u52a1\u5668\u90fd\u901a\u8fc7\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u5f7c\u6b64\u9a8c\u8bc1\u8eab\u4efd\u3002<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,17],"tags":[36,35,37,21],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>\u4e3a Ingress-nginx \u914d\u7f6e\u53cc\u5411\u8ba4\u8bc1**mtls** - Linux\u81ea\u52a8\u5316\u8fd0\u7ef4<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.linuxdevops.cn\/2020\/08\/configure-mutual-authentication-for-ingress-nginx-mtls\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u4e3a Ingress-nginx \u914d\u7f6e\u53cc\u5411\u8ba4\u8bc1**mtls** - Linux\u81ea\u52a8\u5316\u8fd0\u7ef4\" \/>\n<meta property=\"og:description\" content=\"\u9996\u5148\u4ec0\u4e48\u662f mtls \uff08\u53cc\u5411\u8ba4\u8bc1\uff09\uff1f\u5b83\u662f\u4e00\u4e2a\u8fc7\u7a0b\uff0c\u5728\u8fd9\u4e2a\u8fc7\u7a0b\u4e2d\uff0c\u5ba2\u6237\u673a\u548c\u670d\u52a1\u5668\u90fd\u901a\u8fc7\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u5f7c\u6b64\u9a8c\u8bc1\u8eab\u4efd\u3002\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.linuxdevops.cn\/2020\/08\/configure-mutual-authentication-for-ingress-nginx-mtls\/\" \/>\n<meta property=\"og:site_name\" content=\"Linux\u81ea\u52a8\u5316\u8fd0\u7ef4\" \/>\n<meta property=\"article:published_time\" content=\"2020-08-29T02:05:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-08-29T02:35:12+00:00\" \/>\n<meta name=\"author\" content=\"\u7ba1\u7406\u5458\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.linuxdevops.cn\/2020\/08\/configure-mutual-authentication-for-ingress-nginx-mtls\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.linuxdevops.cn\/2020\/08\/configure-mutual-authentication-for-ingress-nginx-mtls\/\"},\"author\":{\"name\":\"\u7ba1\u7406\u5458\",\"@id\":\"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/3e206335d5796fdd8679e449df72a0d1\"},\"headline\":\"\u4e3a Ingress-nginx \u914d\u7f6e\u53cc\u5411\u8ba4\u8bc1**mtls**\",\"datePublished\":\"2020-08-29T02:05:49+00:00\",\"dateModified\":\"2020-08-29T02:35:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.linuxdevops.cn\/2020\/08\/configure-mutual-authentication-for-ingress-nginx-mtls\/\"},\"wordCount\":256,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/3e206335d5796fdd8679e449df72a0d1\"},\"keywords\":[\"\u2018\u53cc\u5411\u8ba4\u8bc1\u2019\",\"ingress\",\"k8s\",\"NGINX\"],\"articleSection\":[\"Kubernetes\",\"Linux\"],\"inLanguage\":\"zh-CN\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.linuxdevops.cn\/2020\/08\/configure-mutual-authentication-for-ingress-nginx-mtls\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.linuxdevops.cn\/2020\/08\/configure-mutual-authentication-for-ingress-nginx-mtls\/\",\"url\":\"https:\/\/www.linuxdevops.cn\/2020\/08\/configure-mutual-authentication-for-ingress-nginx-mtls\/\",\"name\":\"\u4e3a Ingress-nginx \u914d\u7f6e\u53cc\u5411\u8ba4\u8bc1**mtls** - Linux\u81ea\u52a8\u5316\u8fd0\u7ef4\",\"isPartOf\":{\"@id\":\"https:\/\/www.linuxdevops.cn\/#website\"},\"datePublished\":\"2020-08-29T02:05:49+00:00\",\"dateModified\":\"2020-08-29T02:35:12+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.linuxdevops.cn\/2020\/08\/configure-mutual-authentication-for-ingress-nginx-mtls\/#breadcrumb\"},\"inLanguage\":\"zh-CN\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.linuxdevops.cn\/2020\/08\/configure-mutual-authentication-for-ingress-nginx-mtls\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.linuxdevops.cn\/2020\/08\/configure-mutual-authentication-for-ingress-nginx-mtls\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.linuxdevops.cn\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"kubernetes\",\"item\":\"https:\/\/www.linuxdevops.cn\/kubernetes\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"\u4e3a Ingress-nginx \u914d\u7f6e\u53cc\u5411\u8ba4\u8bc1**mtls**\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.linuxdevops.cn\/#website\",\"url\":\"https:\/\/www.linuxdevops.cn\/\",\"name\":\"Linux\u81ea\u52a8\u5316\u8fd0\u7ef4\",\"description\":\"Linux\u81ea\u52a8\u5316\u8fd0\u7ef4\u7b14\u8bb0\",\"publisher\":{\"@id\":\"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/3e206335d5796fdd8679e449df72a0d1\"},\"alternateName\":\"linuxdevops\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.linuxdevops.cn\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"zh-CN\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/3e206335d5796fdd8679e449df72a0d1\",\"name\":\"\u7ba1\u7406\u5458\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-CN\",\"@id\":\"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.linuxdevops.cn\/wp-content\/uploads\/2019\/07\/cropped-index.jpg\",\"contentUrl\":\"https:\/\/www.linuxdevops.cn\/wp-content\/uploads\/2019\/07\/cropped-index.jpg\",\"width\":512,\"height\":512,\"caption\":\"\u7ba1\u7406\u5458\"},\"logo\":{\"@id\":\"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/image\/\"},\"description\":\"\u7ba1\u7406\u5458\",\"url\":\"https:\/\/www.linuxdevops.cn\/author\/root\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\u4e3a Ingress-nginx \u914d\u7f6e\u53cc\u5411\u8ba4\u8bc1**mtls** - Linux\u81ea\u52a8\u5316\u8fd0\u7ef4","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.linuxdevops.cn\/2020\/08\/configure-mutual-authentication-for-ingress-nginx-mtls\/","og_locale":"zh_CN","og_type":"article","og_title":"\u4e3a Ingress-nginx \u914d\u7f6e\u53cc\u5411\u8ba4\u8bc1**mtls** - Linux\u81ea\u52a8\u5316\u8fd0\u7ef4","og_description":"\u9996\u5148\u4ec0\u4e48\u662f mtls \uff08\u53cc\u5411\u8ba4\u8bc1\uff09\uff1f\u5b83\u662f\u4e00\u4e2a\u8fc7\u7a0b\uff0c\u5728\u8fd9\u4e2a\u8fc7\u7a0b\u4e2d\uff0c\u5ba2\u6237\u673a\u548c\u670d\u52a1\u5668\u90fd\u901a\u8fc7\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u5f7c\u6b64\u9a8c\u8bc1\u8eab\u4efd\u3002","og_url":"https:\/\/www.linuxdevops.cn\/2020\/08\/configure-mutual-authentication-for-ingress-nginx-mtls\/","og_site_name":"Linux\u81ea\u52a8\u5316\u8fd0\u7ef4","article_published_time":"2020-08-29T02:05:49+00:00","article_modified_time":"2020-08-29T02:35:12+00:00","author":"\u7ba1\u7406\u5458","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.linuxdevops.cn\/2020\/08\/configure-mutual-authentication-for-ingress-nginx-mtls\/#article","isPartOf":{"@id":"https:\/\/www.linuxdevops.cn\/2020\/08\/configure-mutual-authentication-for-ingress-nginx-mtls\/"},"author":{"name":"\u7ba1\u7406\u5458","@id":"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/3e206335d5796fdd8679e449df72a0d1"},"headline":"\u4e3a Ingress-nginx \u914d\u7f6e\u53cc\u5411\u8ba4\u8bc1**mtls**","datePublished":"2020-08-29T02:05:49+00:00","dateModified":"2020-08-29T02:35:12+00:00","mainEntityOfPage":{"@id":"https:\/\/www.linuxdevops.cn\/2020\/08\/configure-mutual-authentication-for-ingress-nginx-mtls\/"},"wordCount":256,"commentCount":0,"publisher":{"@id":"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/3e206335d5796fdd8679e449df72a0d1"},"keywords":["\u2018\u53cc\u5411\u8ba4\u8bc1\u2019","ingress","k8s","NGINX"],"articleSection":["Kubernetes","Linux"],"inLanguage":"zh-CN","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.linuxdevops.cn\/2020\/08\/configure-mutual-authentication-for-ingress-nginx-mtls\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.linuxdevops.cn\/2020\/08\/configure-mutual-authentication-for-ingress-nginx-mtls\/","url":"https:\/\/www.linuxdevops.cn\/2020\/08\/configure-mutual-authentication-for-ingress-nginx-mtls\/","name":"\u4e3a Ingress-nginx \u914d\u7f6e\u53cc\u5411\u8ba4\u8bc1**mtls** - Linux\u81ea\u52a8\u5316\u8fd0\u7ef4","isPartOf":{"@id":"https:\/\/www.linuxdevops.cn\/#website"},"datePublished":"2020-08-29T02:05:49+00:00","dateModified":"2020-08-29T02:35:12+00:00","breadcrumb":{"@id":"https:\/\/www.linuxdevops.cn\/2020\/08\/configure-mutual-authentication-for-ingress-nginx-mtls\/#breadcrumb"},"inLanguage":"zh-CN","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.linuxdevops.cn\/2020\/08\/configure-mutual-authentication-for-ingress-nginx-mtls\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.linuxdevops.cn\/2020\/08\/configure-mutual-authentication-for-ingress-nginx-mtls\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.linuxdevops.cn\/"},{"@type":"ListItem","position":2,"name":"kubernetes","item":"https:\/\/www.linuxdevops.cn\/kubernetes\/"},{"@type":"ListItem","position":3,"name":"\u4e3a Ingress-nginx \u914d\u7f6e\u53cc\u5411\u8ba4\u8bc1**mtls**"}]},{"@type":"WebSite","@id":"https:\/\/www.linuxdevops.cn\/#website","url":"https:\/\/www.linuxdevops.cn\/","name":"Linux\u81ea\u52a8\u5316\u8fd0\u7ef4","description":"Linux\u81ea\u52a8\u5316\u8fd0\u7ef4\u7b14\u8bb0","publisher":{"@id":"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/3e206335d5796fdd8679e449df72a0d1"},"alternateName":"linuxdevops","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.linuxdevops.cn\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"zh-CN"},{"@type":["Person","Organization"],"@id":"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/3e206335d5796fdd8679e449df72a0d1","name":"\u7ba1\u7406\u5458","image":{"@type":"ImageObject","inLanguage":"zh-CN","@id":"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/image\/","url":"https:\/\/www.linuxdevops.cn\/wp-content\/uploads\/2019\/07\/cropped-index.jpg","contentUrl":"https:\/\/www.linuxdevops.cn\/wp-content\/uploads\/2019\/07\/cropped-index.jpg","width":512,"height":512,"caption":"\u7ba1\u7406\u5458"},"logo":{"@id":"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/image\/"},"description":"\u7ba1\u7406\u5458","url":"https:\/\/www.linuxdevops.cn\/author\/root\/"}]}},"_links":{"self":[{"href":"https:\/\/www.linuxdevops.cn\/wp-json\/wp\/v2\/posts\/749"}],"collection":[{"href":"https:\/\/www.linuxdevops.cn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.linuxdevops.cn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.linuxdevops.cn\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.linuxdevops.cn\/wp-json\/wp\/v2\/comments?post=749"}],"version-history":[{"count":6,"href":"https:\/\/www.linuxdevops.cn\/wp-json\/wp\/v2\/posts\/749\/revisions"}],"predecessor-version":[{"id":756,"href":"https:\/\/www.linuxdevops.cn\/wp-json\/wp\/v2\/posts\/749\/revisions\/756"}],"wp:attachment":[{"href":"https:\/\/www.linuxdevops.cn\/wp-json\/wp\/v2\/media?parent=749"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.linuxdevops.cn\/wp-json\/wp\/v2\/categories?post=749"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.linuxdevops.cn\/wp-json\/wp\/v2\/tags?post=749"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}