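I need some help figuring out how to configure a reverse proxy load balancer in nginx. Basically, I have two web applications that live under subdirectories on Apache servers, e.g. /flavors/Chocolate and /flavors/Vanilla. The application runs on multiple servers for failover, so my upstream server list for Chocolate looks like this: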
upstream Chocolate {
    ip_hash;
    server 192.168.10.100;
    server 192.168.10.101;
    server 192.168.10.102;
}
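Now, what I want to do is be able to receive requests for https://chocolate.company.com on the load balancer, 192.168.10.99, and proxy pass them over port 80 (http) to the upstream servers at their actual location, 192.168.10.xxx/flavors/Chocolate, without rewriting the site's URI, https://chocolate.company.com.
Here is what I have (it's throwing errors at me left and right):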
upstream Chocolate {
    ip_hash;
    server 192.168.10.100;
    server 192.168.10.101;
    server 192.168.10.102;
}
server {
    listen 80;
    return 301 https://$host$request_uri;
}
server {
    ### server port and name ###
    listen chocolate.company.com:443;
    ssl on;
    server_name chocolate.company.com;
    ### SSL log files ###
    access_log logs/ssl-access.log;
    error_log logs/ssl-error.log;
    ### SSL cert files ###
    ssl_certificate /.pki/chocolate.company.com.crt;
    ssl_certificate_key /.pki/chocolate.company.com.key;
    ### Add SSL specific settings here ###
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers RC4:HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    keepalive_timeout 60;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ### We want full access to SSL via backend ###
    location / {
        rewrite ^(.*)$ /flavors/Chocolate break;
        proxy_pass http://chocolate.company.com;
        ### force timeouts if one of backend is died ##
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_50$
        ### Set headers ####
        proxy_set_header Accept-Encoding "";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        ### Most PHP, Python, Rails, Java App can use this header ###
        #proxy_set_header X-Forwarded-Proto https;##
        #This is better##
        proxy_set_header X-Forwarded-Proto $scheme;
        add_header Front-End-Https on;
        ### By default we don't want to redirect it ####
        proxy_redirect off;
    }
}
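Can anyone help me? I feel like I'm missing something really stupid and just haven't had that "Eureka!" moment. After thinking about it for a while, I figured some of you are probably more versed in Nginx than I am (I'm barely versed in it at all). Thanks in advance!
Answer 1
I think the only problem is the proxy_pass directive. You referenced http://chocolate.company.com where you should actually use the upstream group name. I renamed the upstream group to better document the change: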
# this is where all requests should be proxied to
upstream chocolate_upstream {
    ip_hash;
    server 192.168.10.100;
    server 192.168.10.101;
    server 192.168.10.102;
}
# this is a redirect to send all requests to https instead - optional
server {
    listen 80;
    return 301 https://$host$request_uri;
}
# this is the actual configuration
server {
    ### server port and name ###
    listen chocolate.company.com:443;
    ssl on;
    server_name chocolate.company.com;
    ### log files for both access and errors ###
    access_log logs/ssl-access.log;
    error_log logs/ssl-error.log;
    ### SSL cert files ###
    ssl_certificate /.pki/chocolate.company.com.crt;
    ssl_certificate_key /.pki/chocolate.company.com.key;
    ### Add SSL specific settings here ###
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers RC4:HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    keepalive_timeout 60;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ### We want full access to SSL via backend ###
    location / {
        # this must use the name of the upstream group - mandatory
        # no need to rewrite but we can add the URI path here as well
        # trailing slash so that /foo maps to /flavors/Chocolate/foo
        proxy_pass http://chocolate_upstream/flavors/Chocolate/;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_50$
        proxy_set_header Accept-Encoding "";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        add_header Front-End-Https on;
        proxy_redirect off;
    }
}
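A hardened variant of the configuration above, shown as an added example that is not part of the original question or answer. It assumes a current nginx built against OpenSSL 1.1.1 or later (for TLSv1.3) and that this nginx is the first trusted hop in front of the Apache backends; the weak settings from the page are kept as comments next to their replacements.

```nginx
upstream chocolate_upstream {
    ip_hash;
    server 192.168.10.100;
    server 192.168.10.101;
    server 192.168.10.102;
}

server {
    listen 80;
    server_name chocolate.company.com;
    return 301 https://$host$request_uri;
}

server {
    # "listen ... ssl" replaces the deprecated "ssl on;" directive
    listen 443 ssl;
    server_name chocolate.company.com;

    ssl_certificate     /.pki/chocolate.company.com.crt;
    ssl_certificate_key /.pki/chocolate.company.com.key;

    # was: ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    # SSLv3 (RFC 7568) and TLS 1.0/1.1 (RFC 8996) are deprecated
    ssl_protocols TLSv1.2 TLSv1.3;

    # was: ssl_ciphers RC4:HIGH:!aNULL:!MD5;
    # RC4 is prohibited in TLS (RFC 7465)
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    location / {
        # the matched "/" prefix is replaced by "/flavors/Chocolate/",
        # so /foo is sent upstream as /flavors/Chocolate/foo
        proxy_pass http://chocolate_upstream/flavors/Chocolate/;
        # the page's truncated final status value is not reproduced here
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # assumption: first hop, so overwrite instead of appending to a
        # client-supplied X-Forwarded-For value
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Run `nginx -t` to validate the file before reloading the service.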