我正在关注这个DigitalOcean 教程这说明了 Salt Cloud 的工作原理,包括两个应用服务器和一个反向代理。接近尾声的预期结果是,您应该在反向代理后面的两台机器上运行一个纯 JS 应用程序,告诉您应用程序从哪个 IP 地址提供服务,这应该表明两个应用服务器都在运行并被代理。但是,我只得到了 Nginx 欢迎页面。
这是 nginx 配置文件,首先是模板,然后是生成的:
模板化
### /srv/salt/nginx/files/awesome-app.conf.jin ###
##################################################
### Configuration file for Nginx to act as a
### reverse proxy for an app farm.
# Define the app servers that we're in front of.
upstream awesome-app {
{% for server, addrs in salt['mine.get']('roles:appserver', 'network.ip_addrs', expr_form='grain').items() %}
server {{ addrs[0] }}:1337;
{% endfor %}
}
# Forward all port 80 http traffic to our app farm, defined above as 'awesome-app'.
server {
listen 80;
server_name {{ salt['network.ip_addrs']()[0] }}; # <-- change the '1' to '0' if you're not using
# DigitalOcean's private networking.
access_log /var/log/nginx/awesome-app.access.log;
error_log /var/log/nginx/awesome-app.error.log;
## forward request to awesome-app ##
location / {
proxy_pass http://awesome-app;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
生成
### /srv/salt/nginx/files/awesome-app.conf.jin ###
##################################################
### Configuration file for Nginx to act as a
### reverse proxy for an app farm.
# Define the app servers that we're in front of.
upstream awesome-app {
server 10.12.0.6:1337;
server 10.12.0.8:1337;
}
# Forward all port 80 http traffic to our app farm, defined above as 'awesome-app'.
server {
listen 80;
server_name 10.12.0.7; # <-- change the '1' to '0' if you're not using
# DigitalOcean's private networking.
access_log /var/log/nginx/awesome-app.access.log;
error_log /var/log/nginx/awesome-app.error.log;
## forward request to awesome-app ##
location / {
proxy_pass http://awesome-app;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
在我看来这不对:反向代理的公共 IP 肯定不是 10.* 地址,而是以192.241...assalt -G 'roles:rproxy' network.ip_addrs开头的地址。所有 minions 都响应测试 ping,并且似乎配置正确。
我在 nginx块中将其更改server_name {{ salt['network.ip_addrs']()[0] }};为,因为有三个 IP 地址,其中只有第三个以 开头。现在我从 nginx 获得 502 Bad Gateway。server_name {{ salt['network.ip_addrs']()[2] }};serversalt -G 'roles:rproxy' network.ip_addrs192.241...
卷曲输出
curl以下是从我的家用机器到 nginx droplet 的公共 IP的调用:
curl -iv --trace-time <SERVER_IP> ~
10:43:47.827486 * Rebuilt URL to: <SERVER_IP>/
10:43:47.832671 * Trying <SERVER_IP>...
10:43:47.841036 * Connected to <SERVER_IP> (<SERVER_IP>) port 80 (#0)
10:43:47.841122 > GET / HTTP/1.1
10:43:47.841122 > Host: <SERVER_IP>
10:43:47.841122 > User-Agent: curl/7.43.0
10:43:47.841122 > Accept: */*
10:43:47.841122 >
10:43:53.847953 < HTTP/1.1 502 Bad Gateway
HTTP/1.1 502 Bad Gateway
10:43:53.848079 < Server: nginx/1.10.0 (Ubuntu)
Server: nginx/1.10.0 (Ubuntu)
10:43:53.848119 < Date: Tue, 10 Jan 2017 18:43:53 GMT
Date: Tue, 10 Jan 2017 18:43:53 GMT
10:43:53.848169 < Content-Type: text/html
Content-Type: text/html
10:43:53.848224 < Content-Length: 182
Content-Length: 182
10:43:53.848285 < Connection: keep-alive
Connection: keep-alive
10:43:53.848346 <
<html>
<head><title>502 Bad Gateway</title></head>
<body bgcolor="white">
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.10.0 (Ubuntu)</center>
</body>
</html>
10:43:53.848490 * Connection #0 to host <SERVER_IP> left intact
该请求的访问日志:
<HOME_IP> - - [10/Jan/2017:18:41:07 +0000] "GET / HTTP/1.1" 502 182 "-" "curl/7.43.0"
<HOME_IP> - - [10/Jan/2017:18:41:45 +0000] "GET / HTTP/1.1" 502 182 "-" "curl/7.43.0"
<HOME_IP> - - [10/Jan/2017:18:43:53 +0000] "GET / HTTP/1.1" 502 182 "-" "curl/7.43.0"
这些请求的错误日志:
2017/01/10 18:41:04 [error] 7865#7865: *1 connect() failed (113: No route to host) while connecting to upstream, client: <HOME_IP>, server: <APP_SERVER1_IP>, request: "GET / HTTP/1.1", upstream: "http://<APP_SERVER1_PRIVATE_IP>:1337/", host: "<APP_SERVER1_IP>"
2017/01/10 18:41:07 [error] 7865#7865: *1 connect() failed (113: No route to host) while connecting to upstream, client: <HOME_IP>, server: <APP_SERVER1_IP>, request: "GET / HTTP/1.1", upstream: "http://<APP_SERVER2_PRIVATE_IP>:1337/", host: "<APP_SERVER1_IP>"
2017/01/10 18:41:42 [error] 7865#7865: *4 connect() failed (113: No route to host) while connecting to upstream, client: <HOME_IP>, server: <APP_SERVER1_IP>, request: "GET / HTTP/1.1", upstream: "http://<APP_SERVER2_PRIVATE_IP>:1337/", host: "<APP_SERVER1_IP>"
2017/01/10 18:41:45 [error] 7865#7865: *4 connect() failed (113: No route to host) while connecting to upstream, client: <HOME_IP>, server: <APP_SERVER1_IP>, request: "GET / HTTP/1.1", upstream: "http://<APP_SERVER1_PRIVATE_IP>:1337/", host: "<APP_SERVER1_IP>"
2017/01/10 18:43:50 [error] 7865#7865: *7 connect() failed (113: No route to host) while connecting to upstream, client: <HOME_IP>, server: <APP_SERVER1_IP>, request: "GET / HTTP/1.1", upstream: "http://<APP_SERVER2_PRIVATE_IP>:1337/", host: "<APP_SERVER1_IP>"
2017/01/10 18:43:53 [error] 7865#7865: *7 connect() failed (113: No route to host) while connecting to upstream, client: <HOME_IP>, server: <APP_SERVER1_IP>, request: "GET / HTTP/1.1", upstream: "http://<APP_SERVER1_PRIVATE_IP>:1337/", host: "<APP_SERVER1_IP>"
2017/01/10 18:52:02 [error] 7865#7865: *11 connect() failed (113: No route to host) while connecting to upstream, client: <HOME_IP>, server: <APP_SERVER1_IP>, request: "GET / HTTP/1.1", upstream: "http://<APP_SERVER2_PRIVATE_IP>:1337/", host: "<APP_SERVER1_IP>"
2017/01/10 18:52:05 [error] 7865#7865: *11 connect() failed (113: No route to host) while connecting to upstream, client: <HOME_IP>, server: <APP_SERVER1_IP>, request: "GET / HTTP/1.1", upstream: "http://<APP_SERVER1_PRIVATE_IP>:1337/", host: "<APP_SERVER1_IP>"
答案1
这不是最好的答案,因为它依赖于公共 IP,但它是一种解决方法。
Salt mine 返回每个应用服务器的两个 IP 地址,其中第一个是私有 IP。另一方面,salt['network.ip_addrs']()模板中的调用返回反向代理的三个 IP 地址,其中第三个是公共 IP。
因此,如果你将反向代理更改为仅使用公共 IP,则流量应该通过:
upstream awesome-app {
{% for server, addrs in salt['mine.get']('roles:appserver', 'network.ip_addrs', expr_form='grain').items() %}
server {{ addrs[1] }}:1337;
{% endfor %}
}
# Forward all port 80 http traffic to our app farm, defined above as 'awesome-app'.
server {
listen 80;
server_name {{ salt['network.ip_addrs']()[2] }}; # <-- change the '1' to '0' if you're not using
# DigitalOcean's private networking.
在这种情况下,curl 会报告正确的结果:
curl -iv --trace-time <SERVER_PUBLIC_IP> ~
11:08:32.790871 * Rebuilt URL to: <SERVER_PUBLIC_IP>/
11:08:32.794702 * Trying <SERVER_PUBLIC_IP>...
11:08:32.802812 * Connected to <SERVER_PUBLIC_IP> (<SERVER_PUBLIC_IP>) port 80 (#0)
11:08:32.802986 > GET / HTTP/1.1
11:08:32.802986 > Host: <SERVER_PUBLIC_IP>
11:08:32.802986 > User-Agent: curl/7.43.0
11:08:32.802986 > Accept: */*
11:08:32.802986 >
11:08:32.816784 < HTTP/1.1 200 OK
HTTP/1.1 200 OK
11:08:32.817015 < Server: nginx/1.10.0 (Ubuntu)
Server: nginx/1.10.0 (Ubuntu)
11:08:32.817131 < Date: Tue, 10 Jan 2017 19:08:32 GMT
Date: Tue, 10 Jan 2017 19:08:32 GMT
11:08:32.817201 < Content-Type: text/plain
Content-Type: text/plain
11:08:32.817265 < Transfer-Encoding: chunked
Transfer-Encoding: chunked
11:08:32.817327 < Connection: keep-alive
Connection: keep-alive
11:08:32.817389 <
11:08:32.817536 * Connection #0 to host <SERVER_PUBLIC_IP> left intact
["APP_SERVER1_IP","APP_SERVER1_PRIVATE_IP","APP_SERVER1_PRIVATE_IP2"]~