argo前置nginx配置

高俊 1年前

注意

前置nginx是指独立于argo自己的nginx之外的nginx服务,要求在argo之外单独找一台机器来部署并配置该nginx,一般使用场景如下:
1、负载均衡,在argo集群版本中收数据的服务会部署多台,通过前置nginx来做负载均衡,保证数据能均匀的发送到各个收数据服务上。
2、https请求的转换:https请求到达该前置nginx之后,由该nginx服务进行解密(TLS终止),然后转换成http请求发送到收数据服务上。这么做的好处是,nginx的证书完全由用户自己来维护和管理,保证证书安全。需要注意,前置nginx到收数据服务之间是明文http,这段链路应位于受信任的内网中。

一、安装nginx

1.在CentOS服务器上,确保能正常上网,执行以下命令,添加yum源
# Enable the EPEL repository; -y answers the confirmation prompt automatically.
yum -y install epel-release

2.安装nginx
# Install the nginx package without prompting for confirmation.
yum -y install nginx

3.配置nginx自动启动
# Register the nginx unit so it is started automatically at boot.
systemctl enable nginx.service

4.重启nginx服务
# Stop (if running) and start the nginx unit.
systemctl restart nginx.service

二、配置nginx

方舟需要配置数据上报端口8089,和可视化埋点端口9091
以下是配置样例,可以通过修改/etc/nginx/nginx.conf实现:

映射涉及ark1.analysys.xyz机器的8089端口和9091端口,这里使用nginx的upstream方式实现:

# Backend pool for SDK data reporting; the /up and /configure locations proxy to it.
# The address below is a placeholder: substitute the real IP of the collector host.
# For the load-balancing use case, list one "server" line per collector node.
upstream apachesdkserver {
    server ark1.analysys.xyz的ip:8089;
}
# Backend pool for the visual-tracking service on port 9091.
# The address below is a placeholder: substitute the real IP of the backend host.
upstream apachearkserver_9091 {
    server ark1.analysys.xyz的ip:9091;
}
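# Plain-HTTP entry point for SDK data reporting.
# Fix over the original sample: nginx only understands "#" comments; the "//"
# annotations were parsed as extra directive arguments and stopped the
# configuration from loading.
server {
    listen 8089;                  # HTTP listen port; change to suit your deployment
    server_name uat.analysys.cn;  # domain used by the project; set to your own
    root html;
    index index.html index.htm index.php;
    # "main" must be a log_format defined in the http block, and the log
    # directory must already exist (nginx does not create it).
    access_log /data/nginx/logs/uat8089_access.log main;
    # Optional Resource Timing / CORS headers, disabled in this sample.
    #add_header Timing-Allow-Origin "*";
    #add_header Access-Control-Allow-Origin "*";
    #add_header Access-Control-Allow-Methods "POST, GET";

    # Exact-match upload endpoint; any method other than POST gets 405.
    location = /up {
        if ($request_method !~ ^(POST)$ ) {
            return 405;
        }
        proxy_pass http://apachesdkserver;  # upstream to forward to
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so earlier entries are client-controlled; the backend
        # should rely on X-Real-IP or on the last entry only.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Conditions under which the request is passed to the next upstream
        # server. On nginx 1.9.13 and later a POST that was already sent to a
        # server is not retried unless "non_idempotent" is added.
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_connect_timeout 75;
        proxy_send_timeout 120;
        proxy_read_timeout 120;
        proxy_buffer_size 32k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }

    # Exact-match configuration endpoint; any method other than GET gets 405.
    location = /configure {
        if ($request_method !~ ^(GET)$ ) {
            return 405;
        }
        proxy_pass http://apachesdkserver;  # upstream to forward to
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends to the client-supplied X-Forwarded-For; only the last entry
        # is set by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_connect_timeout 75;
        proxy_send_timeout 120;
        proxy_read_timeout 120;
        proxy_buffer_size 32k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }

}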
下面的配置同上,只是这是一个https的配置:
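# HTTPS entry point for SDK data reporting: TLS is terminated here and the
# request is forwarded to the upstream over plain HTTP.
# Fixes over the original sample:
#   - "//" annotations replaced with "#" (nginx has no "//" comment syntax, so
#     the original lines were rejected at load time);
#   - "ssl on;" replaced with the "ssl" parameter of listen (the directive is
#     deprecated since nginx 1.15.0 and removed in 1.25.1);
#   - TLSv1 / TLSv1.1 dropped and the cipher list narrowed to forward-secret
#     AEAD suites (the original "ALL:..." expression also admitted CBC and
#     static-RSA key-exchange suites).
server {
    listen 4089 ssl;              # HTTPS listen port; change to suit your deployment
    server_name uat.analysys.cn;  # domain; set to your own
    # "main" must be a log_format defined in the http block, and the log
    # directory must already exist.
    access_log /data/nginx/logs/uat4089_access.log main;
    # ssl_certificate sslkey/_.analysys.cn_bundle.crt;
    # ssl_certificate_key sslkey/_.analysys.cn.key;
    # Certificate bundle and private key issued for your own domain. Restrict
    # read access on the key file to the account nginx is started as.
    ssl_certificate /data/nginx/https-credential/_.analysys.cn_bundle.crt;
    ssl_certificate_key /data/nginx/https-credential/_.analysys.cn.key;
    ssl_session_timeout 5m;
    # Clients that cannot negotiate TLS 1.2 will fail to connect; check the SDK
    # client population before rollout. TLSv1.3 can be appended when the nginx
    # build (1.13.0+) is linked against OpenSSL 1.1.1 or later.
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;
    root html;
    index index.html index.htm index.php;

    # Exact-match upload endpoint; any method other than POST gets 405.
    location = /up {
        if ($request_method !~ ^(POST)$ ) {
            return 405;
        }
        # Optional Resource Timing / CORS headers, disabled in this sample.
        #add_header Timing-Allow-Origin "*";
        #add_header Access-Control-Allow-Origin "*";
        #add_header Access-Control-Allow-Methods "POST, GET";
        proxy_pass http://apachesdkserver;  # upstream to forward to
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends to the client-supplied X-Forwarded-For, so earlier entries
        # are client-controlled; the backend should rely on X-Real-IP or on
        # the last entry only.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_connect_timeout 75;
        proxy_send_timeout 120;
        proxy_read_timeout 120;
        proxy_buffer_size 32k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }

    # Exact-match configuration endpoint; any method other than GET gets 405.
    location = /configure {
        if ($request_method !~ ^(GET)$ ) {
            return 405;
        }
        #add_header Timing-Allow-Origin "*";
        #add_header Access-Control-Allow-Origin "*";
        #add_header Access-Control-Allow-Methods "POST, GET";
        proxy_pass http://apachesdkserver;  # upstream to forward to
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_connect_timeout 75;
        proxy_send_timeout 120;
        proxy_read_timeout 120;
        proxy_buffer_size 32k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }

}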

可视化埋点的配置与上述配置一样,需要定义的也是端口、域名、upstream和相关证书:
# Plain-HTTP entry point for the visual-tracking service; every URI is
# proxied to the apachearkserver_9091 upstream.
server {
    listen 9091;
    server_name uat.analysys.cn;
    index index.html index.htm index.php;
    # "main" must be a log_format defined in the http block.
    access_log /data/nginx/logs/uat9091_access.log main;
    # Optional Resource Timing / CORS headers, disabled in this sample.
    #add_header Timing-Allow-Origin "*";
    #add_header Access-Control-Allow-Origin "*";
    #add_header Access-Control-Allow-Methods "POST, GET, DELETE, PUT, OPTIONS";

    location / {
        proxy_pass http://apachearkserver_9091;
        # HTTP/1.1 to the upstream is required for the Upgrade handshake below.
        proxy_http_version 1.1;

        proxy_connect_timeout 4s;
        proxy_read_timeout 30s;
        proxy_send_timeout 12s;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # NOTE(review): "x_real_ipP" looks like a typo and, like "remote_addr",
        # contains an underscore; an nginx upstream ignores such headers unless
        # underscores_in_headers is on. Confirm whether the backend reads them.
        proxy_set_header x_real_ipP $remote_addr;
        proxy_set_header remote_addr $remote_addr;
        # Appends to the client-supplied X-Forwarded-For; only the last entry
        # is set by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Pass protocol-upgrade (e.g. WebSocket) requests through to the upstream.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
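# HTTPS entry point for the visual-tracking service: TLS is terminated here
# and every URI is proxied over plain HTTP to apachearkserver_9091.
# Fixes over the original sample:
#   - "ssl on;" replaced with the "ssl" parameter of listen (the directive is
#     deprecated since nginx 1.15.0 and removed in 1.25.1);
#   - TLSv1 / TLSv1.1 dropped and the cipher list narrowed to forward-secret
#     AEAD suites (the original "ALL:..." expression also admitted CBC and
#     static-RSA key-exchange suites).
server {
    listen 4091 ssl;
    server_name uat.analysys.cn;
    # "main" must be a log_format defined in the http block.
    access_log /data/nginx/logs/uat4091_access.log main;
    # ssl_certificate sslkey/_.analysys.cn_bundle.crt;
    # ssl_certificate_key sslkey/_.analysys.cn.key;
    # Restrict read access on the key file to the account nginx is started as.
    ssl_certificate /data/nginx/https-credential/_.analysys.cn_bundle.crt;
    ssl_certificate_key /data/nginx/https-credential/_.analysys.cn.key;
    ssl_session_timeout 5m;
    # Clients that cannot negotiate TLS 1.2 will fail to connect. TLSv1.3 can
    # be appended when the nginx build (1.13.0+) is linked against
    # OpenSSL 1.1.1 or later.
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;
    index index.html index.htm index.php;
    # Optional Resource Timing / CORS headers, disabled in this sample.
    #add_header Timing-Allow-Origin "*";
    #add_header Access-Control-Allow-Origin "*";
    #add_header Access-Control-Allow-Methods "POST, GET, DELETE, PUT, OPTIONS";
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # NOTE(review): "x_real_ipP" looks like a typo and, like "remote_addr",
        # contains an underscore; an nginx upstream ignores such headers unless
        # underscores_in_headers is on. Confirm whether the backend reads them.
        proxy_set_header x_real_ipP $remote_addr;
        proxy_set_header remote_addr $remote_addr;
        # Appends to the client-supplied X-Forwarded-For; only the last entry
        # is set by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://apachearkserver_9091;
        # HTTP/1.1 to the upstream is required for the Upgrade handshake below.
        proxy_http_version 1.1;
        proxy_connect_timeout 4s;
        proxy_read_timeout 30s;
        proxy_send_timeout 12s;
        # Pass protocol-upgrade (e.g. WebSocket) requests through to the upstream.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}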

修改完毕之后,重启nginx服务让配置生效:
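# Check the edited configuration first; restart only when the syntax test
# passes, so a mistake in nginx.conf does not take the running proxy down.
nginx -t && systemctl restart nginx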

2条回答
zhaoy07331 11个月前

OK

班大头 11个月前

学习了
