Why can't I reverse proxy with this Digital Ocean private IP and this Salt Cloud setup?

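I am following this DigitalOcean tutorial, which explains how Salt Cloud works, with two app servers and a reverse proxy. The expected result near the end is that you should have a plain JS app running on two machines behind the reverse proxy that tells you which IP address the app is being served from, which should show that both app servers are running and being proxied. However, I only get the Nginx welcome page.

Here are the nginx config files, first the template, then the generated one:

Templated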

    ### /srv/salt/nginx/files/awesome-app.conf.jin ###
    ##################################################

    ### Configuration file for Nginx to act as a
    ### reverse proxy for an app farm.

    # Define the app servers that we're in front of.
    upstream awesome-app {
        {% for server, addrs in salt['mine.get']('roles:appserver', 'network.ip_addrs', expr_form='grain').items() %}
        server {{ addrs[0] }}:1337;
        {% endfor %}
    }

    # Forward all port 80 http traffic to our app farm, defined above as 'awesome-app'.
    server {
        listen       80;
        server_name  {{ salt['network.ip_addrs']()[0] }};  # <-- change the '1' to '0' if you're not using
                                                           #     DigitalOcean's private networking.

        access_log  /var/log/nginx/awesome-app.access.log;
        error_log  /var/log/nginx/awesome-app.error.log;

        ## forward request to awesome-app ##
        location / {
         proxy_pass  http://awesome-app;
         proxy_set_header        Host            $host;
         proxy_set_header        X-Real-IP       $remote_addr;
         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
       }
    }

Generated

    ### /srv/salt/nginx/files/awesome-app.conf.jin ###
    ##################################################

    ### Configuration file for Nginx to act as a
    ### reverse proxy for an app farm.

    # Define the app servers that we're in front of.
    upstream awesome-app {

        server 10.12.0.6:1337;

        server 10.12.0.8:1337;

    }

    # Forward all port 80 http traffic to our app farm, defined above as 'awesome-app'.
    server {
        listen       80;
        server_name  10.12.0.7;  # <-- change the '1' to '0' if you're not using
                                                           #     DigitalOcean's private networking.

        access_log  /var/log/nginx/awesome-app.access.log;
        error_log  /var/log/nginx/awesome-app.error.log;

        ## forward request to awesome-app ##
        location / {
         proxy_pass  http://awesome-app;
         proxy_set_header        Host            $host;
         proxy_set_header        X-Real-IP       $remote_addr;
         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
       }
    }

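This does not look right to me: the public IP of the reverse proxy is certainly not a 10.* address, but an address starting with 192.241... as salt -G 'roles:rproxy' network.ip_addrs shows. All minions respond to the test ping and appear to be configured correctly.

I changed server_name {{ salt['network.ip_addrs']()[0] }}; to server_name {{ salt['network.ip_addrs']()[2] }}; in the nginx server block, because salt -G 'roles:rproxy' network.ip_addrs has three IP addresses, of which only the third starts with 192.241... Now I get a 502 Bad Gateway from nginx.

curl output

Here is a curl call from my home machine to the public IP of the nginx droplet: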

    curl -iv --trace-time <SERVER_IP>
    10:43:47.827486 * Rebuilt URL to: <SERVER_IP>/
    10:43:47.832671 *   Trying <SERVER_IP>...
    10:43:47.841036 * Connected to <SERVER_IP> (<SERVER_IP>) port 80 (#0)
    10:43:47.841122 > GET / HTTP/1.1
    10:43:47.841122 > Host: <SERVER_IP>
    10:43:47.841122 > User-Agent: curl/7.43.0
    10:43:47.841122 > Accept: */*
    10:43:47.841122 >
    10:43:53.847953 < HTTP/1.1 502 Bad Gateway
    HTTP/1.1 502 Bad Gateway
    10:43:53.848079 < Server: nginx/1.10.0 (Ubuntu)
    Server: nginx/1.10.0 (Ubuntu)
    10:43:53.848119 < Date: Tue, 10 Jan 2017 18:43:53 GMT
    Date: Tue, 10 Jan 2017 18:43:53 GMT
    10:43:53.848169 < Content-Type: text/html
    Content-Type: text/html
    10:43:53.848224 < Content-Length: 182
    Content-Length: 182
    10:43:53.848285 < Connection: keep-alive
    Connection: keep-alive

    10:43:53.848346 <
    <html>
    <head><title>502 Bad Gateway</title></head>
    <body bgcolor="white">
    <center><h1>502 Bad Gateway</h1></center>
    <hr><center>nginx/1.10.0 (Ubuntu)</center>
    </body>
    </html>
    10:43:53.848490 * Connection #0 to host <SERVER_IP> left intact

Access log for that request:

    <HOME_IP> - - [10/Jan/2017:18:41:07 +0000] "GET / HTTP/1.1" 502 182 "-" "curl/7.43.0"
    <HOME_IP> - - [10/Jan/2017:18:41:45 +0000] "GET / HTTP/1.1" 502 182 "-" "curl/7.43.0"
    <HOME_IP> - - [10/Jan/2017:18:43:53 +0000] "GET / HTTP/1.1" 502 182 "-" "curl/7.43.0"

Error log for those requests:

    2017/01/10 18:41:04 [error] 7865#7865: *1 connect() failed (113: No route to host) while connecting to upstream, client: <HOME_IP>, server: <APP_SERVER1_IP>, request: "GET / HTTP/1.1", upstream: "http://<APP_SERVER1_PRIVATE_IP>:1337/", host: "<APP_SERVER1_IP>"
    2017/01/10 18:41:07 [error] 7865#7865: *1 connect() failed (113: No route to host) while connecting to upstream, client: <HOME_IP>, server: <APP_SERVER1_IP>, request: "GET / HTTP/1.1", upstream: "http://<APP_SERVER2_PRIVATE_IP>:1337/", host: "<APP_SERVER1_IP>"
    2017/01/10 18:41:42 [error] 7865#7865: *4 connect() failed (113: No route to host) while connecting to upstream, client: <HOME_IP>, server: <APP_SERVER1_IP>, request: "GET / HTTP/1.1", upstream: "http://<APP_SERVER2_PRIVATE_IP>:1337/", host: "<APP_SERVER1_IP>"
    2017/01/10 18:41:45 [error] 7865#7865: *4 connect() failed (113: No route to host) while connecting to upstream, client: <HOME_IP>, server: <APP_SERVER1_IP>, request: "GET / HTTP/1.1", upstream: "http://<APP_SERVER1_PRIVATE_IP>:1337/", host: "<APP_SERVER1_IP>"
    2017/01/10 18:43:50 [error] 7865#7865: *7 connect() failed (113: No route to host) while connecting to upstream, client: <HOME_IP>, server: <APP_SERVER1_IP>, request: "GET / HTTP/1.1", upstream: "http://<APP_SERVER2_PRIVATE_IP>:1337/", host: "<APP_SERVER1_IP>"
    2017/01/10 18:43:53 [error] 7865#7865: *7 connect() failed (113: No route to host) while connecting to upstream, client: <HOME_IP>, server: <APP_SERVER1_IP>, request: "GET / HTTP/1.1", upstream: "http://<APP_SERVER1_PRIVATE_IP>:1337/", host: "<APP_SERVER1_IP>"
    2017/01/10 18:52:02 [error] 7865#7865: *11 connect() failed (113: No route to host) while connecting to upstream, client: <HOME_IP>, server: <APP_SERVER1_IP>, request: "GET / HTTP/1.1", upstream: "http://<APP_SERVER2_PRIVATE_IP>:1337/", host: "<APP_SERVER1_IP>"
    2017/01/10 18:52:05 [error] 7865#7865: *11 connect() failed (113: No route to host) while connecting to upstream, client: <HOME_IP>, server: <APP_SERVER1_IP>, request: "GET / HTTP/1.1", upstream: "http://<APP_SERVER1_PRIVATE_IP>:1337/", host: "<APP_SERVER1_IP>"

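Answer 1

This is not the best answer, since it relies on the public IPs, but it is a workaround.

The Salt mine returns two IP addresses for each app server, the first of which is the private IP. The salt['network.ip_addrs']() call in the template, on the other hand, returns three IP addresses for the reverse proxy, the third of which is the public IP.

So if you change the reverse proxy to use only the public IPs, traffic should get through: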

    upstream awesome-app {
        {% for server, addrs in salt['mine.get']('roles:appserver', 'network.ip_addrs', expr_form='grain').items() %}
        server {{ addrs[1] }}:1337;
        {% endfor %}
    }

    # Forward all port 80 http traffic to our app farm, defined above as 'awesome-app'.
    server {
        listen       80;
        server_name  {{ salt['network.ip_addrs']()[2] }};  # <-- change the '1' to '0' if you're not using
                                                           #     DigitalOcean's private networking.

        # (remainder of the server block is unchanged from the question)
    }

In that case, curl reports the correct result:

    curl -iv --trace-time <SERVER_PUBLIC_IP>
    11:08:32.790871 * Rebuilt URL to: <SERVER_PUBLIC_IP>/
    11:08:32.794702 *   Trying <SERVER_PUBLIC_IP>...
    11:08:32.802812 * Connected to <SERVER_PUBLIC_IP> (<SERVER_PUBLIC_IP>) port 80 (#0)
    11:08:32.802986 > GET / HTTP/1.1
    11:08:32.802986 > Host: <SERVER_PUBLIC_IP>
    11:08:32.802986 > User-Agent: curl/7.43.0
    11:08:32.802986 > Accept: */*
    11:08:32.802986 >
    11:08:32.816784 < HTTP/1.1 200 OK
    HTTP/1.1 200 OK
    11:08:32.817015 < Server: nginx/1.10.0 (Ubuntu)
    Server: nginx/1.10.0 (Ubuntu)
    11:08:32.817131 < Date: Tue, 10 Jan 2017 19:08:32 GMT
    Date: Tue, 10 Jan 2017 19:08:32 GMT
    11:08:32.817201 < Content-Type: text/plain
    Content-Type: text/plain
    11:08:32.817265 < Transfer-Encoding: chunked
    Transfer-Encoding: chunked
    11:08:32.817327 < Connection: keep-alive
    Connection: keep-alive

    11:08:32.817389 <
    11:08:32.817536 * Connection #0 to host <SERVER_PUBLIC_IP> left intact
    ["APP_SERVER1_IP","APP_SERVER1_PRIVATE_IP","APP_SERVER1_PRIVATE_IP2"]~
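
Added example, not part of the original question or answer: both the template and the workaround pick addresses by list position (addrs[0], addrs[1], [2]), and the workaround sends the plain-HTTP upstream traffic on port 1337 over public addresses. This Python example selects each app server's address by subnet membership instead and fails closed when there is no unique match; the sample data, the backend CIDR and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample of per-minion address lists, shaped like a Salt mine
# result for network.ip_addrs. The order differs between minions on purpose:
# that is what makes addrs[0] / addrs[1] unreliable. All values are made up.
MINE_SAMPLE = {
    "appserver-01": ["10.20.0.5", "10.130.1.5", "203.0.113.5"],
    "appserver-02": ["203.0.113.6", "10.130.1.6", "10.20.0.6"],
}

# Assumption: the subnet that the reverse proxy and the app servers share.
BACKEND_NET = ipaddress.ip_network("10.130.0.0/16")


def backend_addr(addrs, network=BACKEND_NET):
    """Return the single address inside `network`; refuse to guess otherwise."""
    matches = [a for a in addrs if ipaddress.ip_address(a) in network]
    if len(matches) != 1:
        # Fail closed: never fall back to some other (possibly public) address.
        raise ValueError(f"expected exactly one address in {network}, got {matches}")
    return matches[0]


def render_upstream(mine, port=1337, network=BACKEND_NET):
    """Build the nginx upstream block from per-minion address lists."""
    lines = ["upstream awesome-app {"]
    for minion in sorted(mine):
        lines.append(f"    server {backend_addr(mine[minion], network)}:{port};")
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_upstream(MINE_SAMPLE))
```
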
