2
我有以下的Nginx的confnginx的配置最佳實踐
upstream artifactory_lb {
server main_server.com:8081 ;
server backup_server.com:8081 backup;
}
log_format upstreamlog '[$time_local] $remote_addr - $remote_user - $server_name to: $upstream_addr: $request upstream_response_time $upstream_response_time msec $msec request_time $request_time';
ssl_certificate /path/to/cert
ssl_certificate_key /path/to/key
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_session_cache shared:SSL:10m;
server {
listen 80;
listen 443 ssl;
client_max_body_size 2048M;
location/{
proxy_set_header Host $host;
proxy_pass http://artifactory_lb;
proxy_read_timeout 90;
}
access_log /var/log/nginx/access.log upstreamlog;
location /basic_status {
stub_status on;
allow all;
}
}
# Server configuration
server {
listen 2222 ssl;
server_name main_server.com;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
rewrite ^/(v1|v2)/(.*) /api/docker/inhouse_images/$1/$2;
client_max_body_size 0;
chunked_transfer_encoding on;
location/{
allow all;
proxy_read_timeout 900;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://main_server.com:8081/artifactory/;
}
}
注意到,「proxy_pass」指令點,這增加了單點故障服務器的單個實例。有沒有辦法解決這個問題?
Nginx配置可以有兩組上游服務器嗎?所以在這種情況下,它會像
upstream artifactory_lb1 {
server main_server.com:8081 ;
server backup_server.com:8081 backup;
}
upstream artifactory_lb2 {
server main_server.com:8081/artifactory/;
server backup_server.com:8081/artifactory/ backup;
}
這是否被認爲是一種良好做法?
只要你想你可以有許多'upstream'塊。但是你的第二個錯誤,'上游'服務器不能包含路徑部分,只有主機:端口。 –
順便說一句,我不明白爲什麼你的'main_server.com'被標記爲'backup'。 –
嗨Alexey,這是一個複製粘貼錯誤,感謝您指出。如果我想將一個請求重定向到一個特定的端口(在本例中爲2222)到一個特定的路由(在這種情況下(/ artifactory /))這裏配置了什麼?是否有方法在proxy_pass指令中追加一個字符串? –