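The company's wiki server and Docker private registry both run in the company's desktop cloud. Public IP addresses are scarce, so each of these servers cannot have its own public IP; they can only be reached through a single public IP, which means putting an Nginx reverse proxy in front of them. In addition, all of these services must be accessed over HTTPS.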
Server            Internal IP
wiki.renhl.com    172.168.100.47
hub.renhl.com     172.168.100.48
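Generating a self-signed certificate
Because this is for the company's own use, there is no need to obtain a CA-issued certificate; a self-signed one is enough.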
    $ sudo mkdir -p /etc/nginx/ssl
    $ sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
        -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
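The command above prompts for the subject fields and, with the default OpenSSL configuration, yields a certificate with no subjectAltName, while current browsers and Go-based clients such as Docker match the hostname against subjectAltName rather than the Common Name. The following added example (not part of the original post) creates one certificate covering both wiki.renhl.com and hub.renhl.com without prompts and checks it before Nginx uses it; the function names and the scratch directory are assumptions, and `-addext` needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not from the original post): one self-signed certificate for
# both proxied hostnames, created without prompts. Function names are
# assumptions; -addext requires OpenSSL 1.1.1 or later.

# gen_cert DIR: write nginx.key and nginx.crt into DIR.
gen_cert() {
    mkdir -p "$1" || return 1
    openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
        -subj "/CN=wiki.renhl.com" \
        -addext "subjectAltName=DNS:wiki.renhl.com,DNS:hub.renhl.com" \
        -keyout "$1/nginx.key" -out "$1/nginx.crt" 2>/dev/null || return 1
    chmod 600 "$1/nginx.key"   # private key readable by its owner only
}

# cert_covers CRT HOST: succeed only if the certificate is valid for HOST.
cert_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"
}

# key_matches CRT KEY: succeed only if KEY is the private key for CRT.
key_matches() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout)" ]
}

# Demo in a scratch directory; on the proxy the directory is /etc/nginx/ssl
# and the commands run as root.
demo_dir=$(mktemp -d)
if gen_cert "$demo_dir" && key_matches "$demo_dir/nginx.crt" "$demo_dir/nginx.key"; then
    for h in wiki.renhl.com hub.renhl.com; do
        cert_covers "$demo_dir/nginx.crt" "$h" && echo "certificate covers $h"
    done
fi
rm -rf "$demo_dir"
```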
Configuring the reverse proxy
Edit /etc/nginx/sites-available/default and add the following:
    upstream wiki {
        server 172.168.100.47:80;   # wiki.renhl.com
    }

    upstream hub {
        server 172.168.100.48;      # hub.renhl.com (no port given, so nginx uses port 80)
    }

    ## Start wiki.renhl.com ##
    server {
        listen 80;
        listen 443 ssl;
        ssl_certificate     /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;
        server_name wiki.renhl.com;
        access_log /var/log/nginx/wiki.renhl.access.log;
        error_log  /var/log/nginx/wiki.renhl.error.log;
        root  /usr/share/nginx/html;
        index index.html index.htm;

        ## send request back to apache1 ##
        location / {
            proxy_pass http://wiki;
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
            proxy_redirect off;
            proxy_buffering off;
            # pass the original host name and client address to the backend
            proxy_set_header Host            $host;
            proxy_set_header X-Real-IP       $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
    ## End wiki.renhl.com ##

    ## START hub.renhl.com ##
    server {
        server_name hub.renhl.com;
        listen 80;
        listen 443 ssl;
        ssl_certificate     /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;
        access_log /var/log/nginx/hub.renhl.access.log;
        error_log  /var/log/nginx/hub.renhl.error.log;
        root  /usr/local/nginx/html;
        index index.html;

        location / {
            proxy_pass https://hub;
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
            proxy_redirect off;
            proxy_buffering off;
            # pass the original host name and client address to the backend
            proxy_set_header Host            $host;
            proxy_set_header X-Real-IP       $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
    ## END hub.renhl.com ##
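IP restrictions
For security reasons, people outside the company must not be able to reach these services, so Nginx is set to allow only the company's IP addresses. Add the following to both of the server configurations above: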
    allow 111.206.238.12;
    allow 111.206.238.94;
    deny all;