本文介绍: 通常情况下我们在一个.conf 承载好多服务代理的配置,使用.conf 文件过大,过长,以至于管理难,有时修改某个小配置,由于重起或重截配置文件,使用服务受影响。因此使用多配置组合的方式进行管理很有必要。注意:本文中配置的文件和影射的目录文件,因为我用的是docker 镜像挂载,所以目录要注意宿主的还是容器的目录。进行多文件管理,做多文件管理之前做好目录结构管理,以便于自己管理起来方便。都放一起也行,看个人。当一个顶级通配域名时,可以通过规则进行匹配处理。
通常情况下我们在一个.conf 承载好多服务代理的配置,使用.conf 文件过大,过长,以至于管理难,有时修改某个小配置,由于重起或重截配置文件,使用服务受影响。因此使用多配置组合的方式进行管理很有必要。
注意:本文中配置的文件和影射的目录文件,因为我用的是docker 镜像挂载,所以目录要注意宿主的还是容器的目录。
举例:如在一个conf 下的样例
#############################################################
#
# fengsh998
# nginx 反向代理设置,统一集管处,机器不够的话开集群。
# 包括:
# SSL,限流,跨域,集群,黑名单,白名单,负载均衡
#
# $PWD = /opt/nginx
# docker run -p 443:443 -p 80:80 -p 18883:1883 -p 33060:3306 -p 38066:8066 --name nginx
# -v $PWD/www:/www
# -v $PWD/conf/nginx.conf:/etc/nginx/nginx.conf
# -v $PWD/conf/modules:/usr/share/nginx
# -v $PWD/logs:/wwwlogs
# -v $PWD/cert:/opt/nginx/cert
# -d nginx
#############################################################
user nginx;
#指定进程数
worker_processes auto;
#错误日志
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
#动态加载外部配置文件【inclue 路径 + *.conf 】
include /usr/share/nginx/modules/*.conf;
#每个进程的最大连接数
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log /var/log/nginx/access.log main;
access_log /wwwlogs/httpproxy.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
# 加载配置
include /etc/nginx/conf.d/*.conf;
#################################################
#
# wiki 服务
# 可以设多个server进行负载均衡
# IP绑定 ip_hash每个请求按访问ip的hash结果分配,这样
# 每个访客固定访问一个后端服务器,可以解决session的问题。
#
#################################################
upstream jira_server {
server 172.xx.206.109:8080;
}
upstream wiki_server {
server 172.xx.206.109:8090;
}
upstream git_server {
server 172.xx.206.109:8999;
}
upstream kibana_server {
server 172.xx.188.21:5601;
}
upstream nexus_admin { server 47.xxx.xx.126:18888 ; }
upstream nexus_registry { server 47.xxx.xx.126:18888 ; }
#########################以下是服务配置以上是负载均衡############################
#############################################################################
#
# 使用重定向方式,来把http转为ssl
#
# .company.com 等效于 company.com wwww.company.com *.company.com
#
#############################################################################
server {
listen 80;
server_name advert.company.com;
location / {
proxy_pass http://advert.igaicloud.cn:8000;
}
}
#dashboard
server {
listen 80;
server_name dashboard.company.com;
location / {
root /www/dashboard;
index index.html index.htm;
}
error_page 404 403 500 502 503 504 /404.html;
location = /404.html {
root /www;
}
}
# server {
# listen 80;
# server_name .company.com; #使用通配的方式
# rewrite ^(.*)$ https://$http_host$request_uri? permanent;
# }
server {
listen 443 ssl;
listen [::]:443 ssl;
#访问的域名
server_name .company.com;
#ssl 证书配置
ssl_certificate "/opt/nginx/cert/company.com.pem";
ssl_certificate_key "/opt/nginx/cert/company.com.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# 泛域名开始配置 subdomain.domain.com的格式
if ( $host ~* (.*).(.*).(.*) ) {
set $domain_pix $1; #获取当前的域名前缀 eg wiki.company.com则domain被设置为wiki
}
#jira
if ($domain_pix = jira) {
set $goserver jira_server;
}
if ($domain_pix = wiki2) {
set $goserver wiki_server;
}
#gitlab 映射
if ($domain_pix = gitlab) {
set $goserver git_server;
}
#代理配置
location / {
#############################################################
#
# 跨域配置
#
#############################################################
#开启代理错误拦截功能
proxy_intercept_errors on;
proxy_pass http://$goserver;
proxy_set_header Host $host;
#缓存key规则,自动清除缓存
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto https;
proxy_buffering off;
proxy_request_buffering off;
client_max_body_size 1G;
proxy_connect_timeout 3000;
proxy_send_timeout 3000;
proxy_read_timeout 3000;
tcp_nodelay on;
}
location /localwebsite {
root /www/mobile;
}
location ^~ /kibana {
proxy_pass http://kibana_server;
proxy_set_header Host $host;
#缓存key规则,自动清除缓存
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto https;
}
#屏蔽wiki直接输入访问,所以做了个重定向
location /browsepeople.action {
rewrite ^(.*)$ https://wiki.company.com permanent;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
} ###end server ssl
#dashboard
# server {
# listen 443 ssl;
# listen [::]:443 ssl;
#正式环境的站点
# server_name dashboard.company.com;
#ssl 证书配置
# ssl_certificate "/opt/nginx/cert/company.com.pem";
# ssl_certificate_key "/opt/nginx/cert/company.com.key";
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# location / {
# root /www/dashboard;
# index index.html index.htm;
# }
# error_page 404 403 500 502 503 504 /404.html;
# location = /404.html {
# root /www;
# }
# }
}
stream {
log_format proxy '$remote_addr [$time_local] '
'$protocol $status $bytes_sent $bytes_received '
'$session_time "$upstream_addr" '
'"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
access_log /wwwlogs/tcp-access.log proxy;
open_log_file_cache off;
upstream mysql_server {
server 172.xx.218.228:33060;
server 172.xx.218.229:33060;
}
server {
listen 3306;
proxy_connect_timeout 10s;
proxy_timeout 525600m;
proxy_pass mysql_server;
}
}
进行多文件管理,做多文件管理之前做好目录结构管理,以便于自己管理起来方便。都放一起也行,看个人。
分别来看单个配置文件的内容:
总配置文件
nginx.conf
#############################################################
#
# fengsh998
# nginx 反向代理设置,统一集管处,机器不够的话开集群。
# 包括:
# SSL,限流,跨域,集群,黑名单,白名单,负载均衡
#
# $PWD = /opt/nginx
# docker run -p 443:443 -p 80:80 -p 18883:1883 -p 33060:3306 -p 38066:8066 --name nginx
# -v $PWD/www:/www
# -v $PWD/conf/nginx.conf:/etc/nginx/nginx.conf
# -v $PWD/conf/modules:/usr/share/nginx
# -v $PWD/logs:/wwwlogs
# -v $PWD/cert:/opt/nginx/cert
# -d nginx
#############################################################
user nginx;
#指定进程数
worker_processes auto;
#错误日志
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
#动态加载外部配置文件【inclue 路径 + *.conf 】
include /usr/share/nginx/modules/*.conf;
#每个进程的最大连接数
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log /var/log/nginx/access.log main;
access_log /wwwlogs/httpproxy.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
# 加载配置
include /etc/nginx/conf.d/*.conf;
#加载upstream模块
include /usr/share/nginx/ups_modules_http.conf;
#加载http server 模块
include /usr/share/nginx/http_servers/*.conf;
}
stream {
log_format proxy '$remote_addr [$time_local] '
'$protocol $status $bytes_sent $bytes_received '
'$session_time "$upstream_addr" '
'"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
access_log /wwwlogs/tcp-access.log proxy;
open_log_file_cache off;
#挂载盘opt/nginx/conf/modules
include /usr/share/nginx/stream_servers/*.conf;
}
ups_modules_http.conf
################################################
# 可以设多个server进行负载均衡
# IP绑定 ip_hash每个请求按访问ip的hash结果分配,这样
# 每个访客固定访问一个后端服务器,可以解决session的问题。
#
#################################################
upstream jira_server {
server 172.xx.206.109:8080;
}
upstream wiki_server {
server 172.xx.206.109:8090;
}
upstream git_server {
server 172.xx.206.109:8999;
}
upstream hostapi_arm2_server {
server 172.xx.206.111:32000;
}
upstream kibana_server {
#server 172.xx.188.21:5601;
#server 172.xx.206.112:5601;
server 172.xx.218.227:5601;
}
#测试用
upstream eureka_server {
#server 172.xx.188.23:8761;
server 172.xx.188.28:8001;
}
upstream nexus_admin { server 47.xxx.xx.126:18888 ; }
upstream nexus_registry { server 47.xxx.xx.126:18888 ; }
mysql.conf
upstream mysql_server {
server 172.xx.xxx.228:33060;
server 172.xx.xxx.229:33060;
}
server {
listen 3306;
proxy_connect_timeout 10s;
proxy_timeout 525600m;
proxy_pass mysql_server;
}
match.conf 当一个顶级通配域名时,可以通过规则进行匹配处理。
#将所有来自http的都自动跳转为https;
server {
listen 80;
server_name .company.com; #使用通配的方式
rewrite ^(.*)$ https://$http_host$request_uri? permanent;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
#访问的域名
server_name .company.com;
#ssl 证书配置
ssl_certificate "/opt/nginx/cert/company.com.pem";
ssl_certificate_key "/opt/nginx/cert/company.com.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# 泛域名开始配置 subdomain.domain.com的格式
if ( $host ~* (.*).(.*).(.*) ) {
set $domain_pix $1; #获取当前的域名前缀 eg wiki.company.com则domain被设置为wiki
}
if ( $host ~* (.*).(.*).(.*).(.*) ) {
set $subdomain_pix $1;
}
if ($subdomain_pix = eureka) {
set $goserver eureka_server;
}
#jira
if ($domain_pix = jira) {
set $goserver jira_server;
# set $goserver kibana_server;
}
if ($domain_pix = wiki2) {
set $goserver wiki_server;
}
if ($domain_pix = arm2api) {
set $goserver hostapi_arm2_server;
}
#gitlab 映射
if ($domain_pix = gitlab) {
set $goserver git_server;
}
#kibana
#if ($domain_pix = kibana) {
# set $goserver kibana_server;
#}
#代理配置
location / {
#开启代理错误拦截功能
proxy_intercept_errors on;
proxy_pass http://$goserver;
proxy_set_header Host $host;
#缓存key规则,自动清除缓存
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto https;
proxy_buffering off;
proxy_request_buffering off;
client_max_body_size 1G;
proxy_connect_timeout 3000;
proxy_send_timeout 3000;
proxy_read_timeout 3000;
tcp_nodelay on;
}
location /localwebsite {
root /www/mobile;
}
location /kibana/ {
auth_basic "请输入用户密码"; #这里是验证时的提示信息
auth_basic_user_file /opt/nginx/cert/passwd/fkibana;
proxy_pass http://kibana_server/;
rewrite ^/kibabna/(.*)$ /$1 break;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
}
#屏蔽wiki直接输入访问,所以做了个重定向
location /browsepeople.action {
rewrite ^(.*)$ https://wiki.company.com permanent;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
} ###end server ssl
dashbroad.conf
server {
listen 80;
server_name dashboard.company.com;
location / {
root /www/dashboard;
index index.html index.htm;
}
location ^~ /visitor/ {
root /www/;
try_files $uri $uri/ /index.html last;
index index.html index.htm;
}
# location / {
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-NginX-Proxy true;
# proxy_pass http://172.xx.xxx.112:18900;
# }
error_page 404 403 500 502 503 504 /404.html;
location = /404.html {
root /www;
}
}
原文地址:https://blog.csdn.net/fengsh998/article/details/128882133
本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。
如若转载,请注明出处:http://www.7code.cn/show_51063.html
如若内容造成侵权/违法违规/事实不符,请联系代码007邮箱:suwngjj01@126.com进行投诉反馈,一经查实,立即删除!
声明:本站所有文章,如无特殊说明或标注,均为本站原创发布。任何个人或组织,在未征得本站同意时,禁止复制、盗用、采集、发布本站内容到任何网站、书籍等各类媒体平台。如若本站内容侵犯了原著者的合法权益,可联系我们进行处理。
