Correct way to serve FastCGI from ingress controller

[robertwt7]

Hey Guys,

Sorry for posting a question here, however i've been stuck for 3 days looking around the internet for examples to fix my issue right now.

My issue is very similar to #4822, however i can't get it working.

My current working setup is 1 pod with 2 containers (1 php-fpm and 1 nginx pointing at it), and a service with type NodePort, accessible through external load balancer

It comes to a point where I need to add extra service and I want to use nginx ingress as a controller. However I always get 404 from nginx, no logs from php-fpm, and logs from ingress controller pod only shows 404 request. I'm on a total dead end atm.

Here's my usual nginx conf, notice because its laravel, its pointing to /var/www/public:

server {
    listen 80;
    listen [::]:80;

    # For https
    listen 443 ssl;
    listen [::]:443 ssl ipv6only=on;
    ssl_certificate /etc/nginx/ssl/default.crt;
    ssl_certificate_key /etc/nginx/ssl/default.key;

    server_name backend.app.com.au;
    root /var/www/public;
    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ \.php$ {
        try_files $uri /index.php =404;
        fastcgi_pass php-upstream;
        fastcgi_index index.php;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        #fixes timeouts
        fastcgi_read_timeout 600;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }

    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt/;
        log_not_found off;
    }


    error_log /var/log/nginx/laravel_error.log;
    access_log /var/log/nginx/laravel_access.log;
}

Here's my setup for ingress controller:

---

apiVersion: v1
kind: ConfigMap
metadata:
  name: ingress-cm
data:
  DOCUMENT_ROOT: "/var/www/public"
  SCRIPT_FILENAME: $document_root$fastcgi_script_name

---

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: operation-ingress
  labels:
    app: operation-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/backend-protocol: "FCGI"
    nginx.ingress.kubernetes.io/fastcgi-index: "index.php"
    nginx.ingress.kubernetes.io/fastcgi-params-configmap: "ingress-cm"
    nginx.ingress.kubernetes.io/fastcgi_buffers: "16 16k"
    nginx.ingress.kubernetes.io/fastcgi_buffer_size: "32k"
    nginx.ingress.kubernetes.io/proxy-body-size: 100m
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
  - host: message-parser.app.com.au
    http:
      paths:
      - path: /*
        backend:
          serviceName: message-parser-service
          servicePort: 9000
  - host: backend.app.com.au
    http:
      paths:
      - path: /*
        backend:
          serviceName: app-service
          servicePort: 9000

What did i do wrong? has anyone manage to successfully setup FCGI straight to pods? I can't find any example from the internet at all. Please help

Thanks so much

[robertwt7]

Controller returns me 404

[23/Feb/2021:06:19:31 +0000] "GET / HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36 Edg/88.0.705.74" 469 0.000 [upstream-default-backend] [] 127.0.0.1:8181 548 0.001 404 102d819ca3af7930b634fbffef0e3b20

[tuananh170489]

I think you should use Apache for serving php instead of nginx, inspire of wordpress images

[robertwt7]

But my point is to use the fpm straightaway. To use the fastcgi feature listed in this extension

[robertwt7]

Nevermind, i found out that i need to serve some static assets, thus another load balancer (nginx) is needed for my framework. All g now thanks!

[viktor-lt]

Controller returns me 404

[23/Feb/2021:06:19:31 +0000] "GET / HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36 Edg/88.0.705.74" 469 0.000 [upstream-default-backend] [] 127.0.0.1:8181 548 0.001 404 102d819ca3af7930b634fbffef0e3b20

Have you been able to make this work?

I am still unable (#8207)

[DmytroIshchuk]

@robertwt7
Hi
I found out how to make it live
The problem is with fastcgi params in configmap, or more precisely, with a SCRIPT_FILENAME

apiVersion: v1
kind: ConfigMap
metadata:
  name: ingress-cm
data:
  DOCUMENT_ROOT: "/var/www/public"
  SCRIPT_FILENAME: "/var/www/public$fastcgi_script_name"

or more convenient as for me
SCRIPT_FILENAME: "/var/www/public/index.php$query_string"

Ingress config is the same

[BloodyIron]

After exhaustive attempts I have not once been able to get k8s team's variant for "Ingress NGINX" to actually process upstream fast cgi. My problem may be that the "NGINX" software running inside the relevant "Ingress NGINX" k8s pod (controller?) doesn't mount (by choice, my choice, in this case) the shared non-PHP content folder, and I think that might be what's missing.

I also have discovered that it is, by design (which I don't entirely understand the rationale), that the devs (of k8s team's variant of "Ingress NGINX") have disallowed/blocked the general modification of the "location /" aspect for any "kind: ingress" declared.

So couple these together and in my case I'm running nginx:1 within the relevant pod that has the container with fast cgi, in addition to the Ingress NGINX stuff, and that nginx:1 container mounts the shared storage.

It seems like it's probably a bad idea for me to mount things like this inside the "Controller" for the Ingress anyways, so perhaps its for the better. A lesson learned through multiple-days of hitting my HomeDC with various sized wrenches (and my keyboard).

As for the "location /" aspect, I'm going to have to work around that, but I don't see why that's worth blocking.

Anyways, posting this here so myself and maybe future humans can read it and be helped. Thanks to those in this thread for giving me stuff to try anyways! :)