各种环境的反向代理泛目录-反向代理集群
Time:2023-11-28 14:29:08
关于各种环境的反向代理泛目录的问题,我们总结了以下几点,给你解答:
各种环境的反向代理泛目录
背景:运维思路来讲,前两篇文章详细介绍到jenkins部署,仅仅是对于体验于学习,但运维任重而道远,往往生产不可轻易暴露自己的IP,因此前面我们学习到的IP+端口号的方式就不合适了,基于安全考虑,我们实现IP与端口封堵与反向代理,以至于更好的在生产环境落地;
一、前提:1、Jenkins已安装,详细步骤移步《基于阿里云ECS Centos8.0系统yum部署jenkins-2.277.3-1.1详情》;
2、Nginx已安装,本文手把手介绍;
二、基于YUM仓库部署Nginx1.201、创建nginx.repo源,cat <<EOF > /etc/yum.repos.d/nginx.repo[nginx-stable]name=nginx stable repobaseurl=http://nginx.org/packages/centos/$releasever/$basearch/gpgcheck=1enabled=1gpgkey=https://nginx.org/keys/nginx_signing.keymodule_hotfixes=true[nginx-mainline]name=nginx mainline repobaseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/gpgcheck=1enabled=0gpgkey=https://nginx.org/keys/nginx_signing.keymodule_hotfixes=trueEOF2、完成nginx-mainline配置yum-config-manager --enable nginx-mainline3、安装Nginxyum install nginx -y4、启动并查看监听端口80,如图常用命令(基于yum安装systemctl好使)systemctl start nginx.service 启动nginx服务 # systemctl stop nginx.service 停止服务 # systemctl restart nginx.service 重新启动服务 # systemctl list-units --type=service 查看所有已启动的服务 # systemctl status nginx.service 查看服务当前状态 # systemctl enable nginx.service 设置开机自启动 # systemctl disable nginx.service 停止开机自启动nginx -v需在nginx目录下运行nginx -s [signal]nginx -s reload 刷新配置nginx -s fast 快速stopnginx -s graceful 优雅stop三、Jenkins反向代理实现1、nginx目录下/etc/nginx/conf.d/,新建jenkins.confvim /etc/nginx/conf.d/jenkins.conf2、粘贴如下内容upstream jenkins { keepalive 32; # keepalive connections server IP:8089; # jenkins ip and port}# Required for Jenkins websocket agentsmap $http_upgrade $connection_upgrade { default upgrade; '' close;}server { listen 80; # Listen on port 80 for IPv4 requests server_name jenkins.10691.cn; # replace 'jenkins.10691.cn' with your server domain name # this is the jenkins web root directory # (mentioned in the /etc/default/jenkins file) root /usr/share/nginx/jenkins/; access_log /var/log/nginx/jenkins/access.log; ##需自行新建目录 error_log /var/log/nginx/jenkins/error.log; ##需自行新建目录 # pass through headers from Jenkins that Nginx considers invalid ignore_invalid_headers off; location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" { # rewrite all static files into requests to the root # E.g /static/12345678/css/something.css will become /css/something.css rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last; } location /userContent { # have nginx handle all the static requests to userContent folder # note : This is the $JENKINS_HOME dir root /var/lib/jenkins/; if (!-f $request_filename){ # this file does not exist, might be a directory or a /**view** url rewrite (.*) /$1 last; break; } sendfile on; } location / { sendfile off; proxy_pass http://jenkins; proxy_redirect default; proxy_http_version 1.1; # Required for Jenkins websocket agents proxy_set_header Connection $connection_upgrade; proxy_set_header Upgrade $http_upgrade; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_max_temp_file_size 0; #this is the maximum upload size client_max_body_size 10m; client_body_buffer_size 128k; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffering off; proxy_request_buffering off; # Required for HTTP CLI commands proxy_set_header Connection ""; # Clear for keepalive }}3、如果在某些URL路径方面遇到问题 Blue Ocean的 ,则可能需要在代理配置中添加以下代码段if ($request_uri ~* "/blue(/.*)") { proxy_pass http://YOUR_SERVER_IP:YOUR_JENKINS_PORT/blue$1; break;}4、重启Nginx,浏览器http://jenkins.10691.cn,验证即可;反向代理集群
servername yoursecond--domain-name.com serveralias www.yoursecond--domain-name.com proxyrequests off proxypass / http://127.0.0.1:8080/ proxypassreverse / http://127.0.0.1:8080/
反向代理应用场景
移动网络被墙反向代理能解决。反向代理用到了反向代理服务器,使用反向代理,典型的应来自用是将防火墙后面的服务器提供给Intenet用户访问,隐藏了Web应用服务,如数据库的IP地址、端交项屋溶口号等信息,提高了系统的安全性等。