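Layer 7 Proxy Configuration
Overview
Reference:
In this configuration, 172.19.42.217 is the entry point of the kubernetes cluster. An ingress controller usually listens on both 80 and 443, so that multiple domain names are proxied to the same kubernetes cluster and the ingress then routes the traffic.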
```nginx
user nginx;
worker_processes 4;
error_log /dev/stdout warn;
pid /var/run/nginx.pid;

events {
    worker_connections 102400;
}

http {
    default_type application/octet-stream;

    # log_format must be declared before the access_log that references it
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" '
                    '$upstream_addr '
                    'ups_resp_time: $upstream_response_time '
                    'request_time: $request_time';
    access_log /dev/stdout main;

    keepalive_timeout 120;
    sendfile on;
    server_names_hash_bucket_size 256;

    server {
        listen 80;
        server_name grafana.desistdaydream.ltd;
        server_name prometheus.desistdaydream.ltd;
        server_name desistdaydream.ltd;
        server_name www.desistdaydream.ltd;

        client_body_in_file_only clean;
        client_body_buffer_size 64K;
        client_max_body_size 40M;
        sendfile on;
        send_timeout 300s;

        location / {
            # Forward everything to the kubernetes ingress entry point
            proxy_pass http://172.19.42.217/;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            # HTTP/1.1 plus Upgrade/Connection headers for WebSocket support
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }

    include /etc/nginx/mime.types;
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/conf.d/protal/*.conf;
}
```
rewrite and break
```nginx
server {
    listen 20443;

    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }

    location /prom {
        proxy_pass http://192.168.254.253:9090;
        rewrite ^/prom/(.*)$ /$1 break;
        # if ($request_uri ~ ^/prom$) {
        #     return 302 /prom/graph;
        # }
    }
}
```
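When a request arrives on this port, Nginx handles it according to the configuration.

- When the client requests `http://192.168.254.253:20443/prom`:
  - The request matches `location /prom`, because the URL path begins with `/prom`.
  - `proxy_pass http://192.168.254.253:9090;` proxies (forwards) the request to the internal address `http://192.168.254.253:9090`.
  - `rewrite ^/prom/(.*)$ /$1 break;` rewrites the URL: the part after `/prom/` is kept and the leading `/prom/` is replaced with `/`. But the request path is `/prom`, which does not contain `/prom/` followed by anything, so the rewrite rule is not applied.
  - In the end, the request is proxied to `http://192.168.254.253:9090/prom`.
- When the client requests `http://192.168.254.253:20443/prom/graph`:
  - The request also matches `location /prom`.
  - `proxy_pass http://192.168.254.253:9090;` still proxies the request to the internal address `http://192.168.254.253:9090`.
  - This time `rewrite ^/prom/(.*)$ /$1 break;` matches `/prom/graph`, so the path is rewritten to `/graph`.
  - In the end, the request is proxied to `http://192.168.254.253:9090/graph`.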
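Consequences of removing break

Because `break` is present, the page opens correctly when we visit /prom/graph.

If `break` is removed, however, the URI after the rewrite is /graph, and nginx has to search the locations again with that new URI. No more specific location matches it, so Nginx falls back to the default handling, that is, the `location /` block. That block maps the request to the file `graph` under the `/usr/share/nginx/html/` directory. This path does not exist in the default file system, so a 404 error is returned.

Notes: With nginx's rewrite log turned on, the following error appears:

```
2023/11/02 00:32:43 [error] 221#221: *1007 open() "/usr/share/nginx/html/graph" failed (2: No such file or directory), client: 192.168.254.254, server: , request: "GET /prom/graph HTTP/1.1", host: "192.168.254.253:20443"
```

This log also shows that nginx treated the /prom/graph request as /graph and handed it to `location /`.

In addition, if the `location /` block is deleted, nginx still has a built-in default of its own, in which `/` maps to `/etc/nginx/html/`. The error then reads:

```
2023/11/02 00:43:58 [error] 31#31: *1 open() "/etc/nginx/html/graph" failed (2: No such file or directory), client: 192.168.254.254, server: , request: "GET /prom/graph HTTP/1.1", host: "192.168.254.253:20443"
```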
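The outcomes described above (`/prom`, `/prom/graph` with `break`, `/prom/graph` without it, and the case with `location /` deleted) can be reproduced with a small Python model of nginx's location search and rewrite handling. This is an added example, not part of the original page and not nginx's own code; `route`, `find_location`, `LOCATIONS` and `DEFAULT_ROOT` are hypothetical names, and only plain prefix locations with a single rewrite are modelled.

```python
import re

# Constructed model of the page's port-20443 server block (assumption: prefix
# locations only, at most one rewrite per location).
LOCATIONS = {
    "/": {"root": "/usr/share/nginx/html"},
    "/prom": {
        "proxy_pass": "http://192.168.254.253:9090",
        "rewrite": (r"^/prom/(.*)$", r"/\1"),
    },
}
DEFAULT_ROOT = "/etc/nginx/html"  # built-in fallback root, taken from the page's second log
MAX_CYCLES = 10  # nginx returns 500 after 10 location-search cycles


def find_location(uri, locations):
    """Longest-prefix match. Note it is not segment-aware: /promtail matches /prom."""
    matches = [p for p in locations if uri.startswith(p)]
    return max(matches, key=len) if matches else None


def route(uri, use_break=True, locations=LOCATIONS):
    """Return ('proxy', url), ('file', path) or ('error', code) for a request URI."""
    for _ in range(MAX_CYCLES):
        prefix = find_location(uri, locations)
        if prefix is None:
            # No location at all: the request is served from the default root.
            return ("file", DEFAULT_ROOT + uri)
        loc = locations[prefix]
        changed = False
        if "rewrite" in loc:
            pattern, repl = loc["rewrite"]
            new_uri, hits = re.subn(pattern, repl, uri)
            if hits:
                uri, changed = new_uri, True
        if changed and not use_break:
            continue  # no flag: the URI changed, so locations are searched again
        if "proxy_pass" in loc:
            # proxy_pass without a URI part forwards the (rewritten) URI as-is
            return ("proxy", loc["proxy_pass"] + uri)
        return ("file", loc["root"] + uri)
    return ("error", "500")
```

Because the prefix match is not segment-aware, a path such as `/promtail` is also forwarded to the upstream by `location /prom`; writing the location as `/prom/` limits it to that path segment.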
# Configuration examples to be organized
```nginx
server {
    listen 80;
    server_name grafana.desistdaydream.ltd;
    server_name prometheus.desistdaydream.ltd;
    server_name desistdaydream.ltd;
    server_name www.desistdaydream.ltd;

    client_body_in_file_only clean;
    client_body_buffer_size 64K;
    client_max_body_size 40M;
    sendfile on;
    send_timeout 300s;

    location / {
        proxy_pass http://172.19.42.217/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```

https

```nginx
server {
    listen 80;
    # "listen 443 ssl" already enables TLS on this port. The deprecated
    # "ssl on;" directive is dropped: it would force TLS on port 80 as well.
    listen 443 ssl;
    server_name rancher.desistdaydream.ltd;

    # Certificate (crt)
    ssl_certificate ../keys/bj/rancher.desistdaydream.ltd.crt;
    # Private key
    ssl_certificate_key ../keys/bj/rancher.desistdaydream.ltd.key;

    client_body_in_file_only clean;
    client_body_buffer_size 64K;
    client_max_body_size 40M;
    sendfile on;
    send_timeout 300s;

    location / {
        proxy_pass https://172.19.42.217:60443/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```