How to Set Up a Reverse NGINX Proxy on Alibaba Cloud

This article was created in partnership with Alibaba Cloud. Thank you for supporting the partners who make SitePoint possible.

Need to serve many websites from a single Linux box, optimizing resources, and automating the site launch process? Let’s get serious then, and set up a production-ready environment using Ubuntu, NGINX, and Docker — all of it on Alibaba Cloud.

This is a somewhat advanced tutorial, and we’ll assume some knowledge of networking, server administration, and software containers.

Understanding the Scenario

If you are looking at this guide, chances are that you need to manage a cluster of servers, or an increasing number of websites — if not both — and are looking at what your options are for a secure, performant, and flexible environment. Well then, you came to the right place!

Why a Reverse Proxy

In a nutshell, a reverse proxy takes a request from a client (normally from the Internet), forwards it to a server that can fulfill it (normally on an Intranet), and finally returns the server’s response back to the client.

Those making requests to the proxy may not be aware of the internal network.

So the reverse proxy is the “public face” sitting at the edge of the app’s network, handling all of the requests; so it is, in a way, similar to a load balancer. But while implementing a load balancer only makes sense when you have multiple servers, you can deploy a reverse proxy with just one web server hosting multiple sites, and this can be particularly useful when there are different configuration requirements for those sites.

There are some benefits to this approach:

  • Performance. A number of web acceleration techniques can be implemented, including:

    • Compression: server responses can be compressed before returning them to the client to reduce bandwidth.

    • SSL termination: decrypting requests and encrypting responses can free up resources on the back-end, while securing the connection.

    • Caching: returning stored copies of content when the same request is placed by another client can decrease response time and load on the back-end server.

  • Security. Malicious clients cannot directly access your web servers, with the proxy effectively acting as an additional defense; and the number of connections can be limited, minimizing the impact of distributed denial-of-service (DDoS) attacks.

  • Flexibility. A single URL can be the access point to multiple servers, regardless of the structure of the network behind them. This also allows requests to be distributed, maximizing speed and preventing overload. Clients also only get to know the reverse proxy’s IP address, so you can transparently change the configuration for your back-end as it better suits your traffic or architecture needs.
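
The benefits listed above map to a handful of NGINX directives. The following hand-written configuration is an added example, not part of the original article; the host name app.example.com, the back-end address 10.0.0.10:8080, the certificate paths and the limit values are assumptions.

```nginx
# Added example: place in the http {} context, e.g. /etc/nginx/conf.d/app.conf.
# Constructed values: app.example.com, 10.0.0.10:8080, certificate paths, limits.
# Security: per-client-IP zones for connection and request-rate limits.
limit_conn_zone $binary_remote_addr zone=perip_conn:10m;
limit_req_zone  $binary_remote_addr zone=perip_req:10m rate=10r/s;
# Caching: on-disk store for back-end responses.
proxy_cache_path /var/cache/nginx/app levels=1:2 keys_zone=app_cache:10m
                 max_size=1g inactive=60m;

upstream app_backend {
    server 10.0.0.10:8080;   # internal address, never exposed to clients
}

server {
    listen 80;
    server_name app.example.com;
    return 301 https://app.example.com$request_uri;   # fixed host, not $host
}

server {
    listen 443 ssl;
    server_name app.example.com;

    # SSL termination: TLS ends at the proxy; the back-end hop is plain HTTP.
    ssl_certificate     /etc/nginx/certs/app.example.com.crt;
    ssl_certificate_key /etc/nginx/certs/app.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;   # drop TLSv1.3 on NGINX older than 1.13.0

    # Compression: text/html is always compressed; these add other text types.
    gzip on;
    gzip_types text/css application/javascript image/svg+xml;

    # At most 20 concurrent connections and 10 requests/s per client IP.
    limit_conn perip_conn 20;
    limit_req  zone=perip_req burst=20 nodelay;

    location / {
        proxy_pass http://app_backend;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_cache        app_cache;
        proxy_cache_valid  200 301 10m;
        # Never store or serve cached copies for authenticated requests.
        proxy_no_cache     $http_authorization;
        proxy_cache_bypass $http_authorization;
    }
}
```

Validate the file with `nginx -t` before reloading, and keep the back-end bound to the internal address so that the proxy is the only path to it.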

Why NGINX

NGINX Plus and NGINX are the best-in-class reverse-proxy solutions used by high-traffic websites such as Dropbox, Netflix, and Zynga. More than 287 million websites worldwide, including the majority of the 100,000 busiest websites, rely on NGINX Plus and NGINX to deliver their content quickly, reliably, and securely.

What Is a Reverse Proxy Server? by NGINX.

Apache is great and probably best for what it’s for — a multi-purpose web server, all batteries included. But because of this very reason, it can be more resource hungry as well. Also, Apache is multi-threaded even for single websites, which is not a bad thing in and of itself, especially for multi-core systems, but this can add a lot of overhead to CPU and memory usage when hosting multiple sites.

Tweaking Apache for performance is possible, but it takes savvy and time. NGINX takes the opposite approach in its design — a minimalist web server that you need to tweak in order to add more features in, which to be fair, also takes some savvy.

In short, NGINX beats Apache big time in out-of-the-box performance and resource consumption. For a single site you can choose not to even care, but on a cluster or when hosting many sites, NGINX will surely make a difference.

Why Alibaba Cloud

Part of the Alibaba Group (Alibaba.com, AliExpress), Alibaba Cloud has been around for nearly a decade at the time of this writing. It is China’s largest public cloud service provider, and the third largest in the world; so it isn’t exactly a “new player” in the cloud services arena.

However, it hasn’t been until somewhat recently that Alibaba has decidedly stepped out of the Chinese and Asian markets to dive into the “Western world”. It’s a fully-featured offering: elastic computing, database services, storage and CDN, application service, domain and website, security, networking, and analytics. Alibaba Cloud covers it all.

Deploying to Alibaba Cloud

You’ll need an Alibaba Cloud account before you can set up your Linux box. And the good news is that you can get one for free! For the full details see How to Sign Up and Get Started.

This guide will use Ubuntu Linux, so you can see the How to Set Up Your First Ubuntu 16.04 Server on Alibaba Cloud guide. Mind you, you could also use Debian or CentOS; in fact, you can go ahead and check 3 Ways to Set Up a Linux Server on Alibaba Cloud.

Once you get your Alibaba Cloud account and your Linux box is up and running, you’re good to go.

Hands On!

Installing NGINX

If we wanted to do the whole process ourselves, we would first need to install NGINX.

On Ubuntu we’d use the following commands:

$ sudo apt-get update
$ sudo apt-get install nginx

And you can check the status of the web server with systemctl:

$ systemctl status nginx

With systemctl you can also stop/start/restart the server, and enable/disable the launch of NGINX at boot time.

These are the two main directories of interest for us:

  • /var/www/html: NGINX default website location.

  • /etc/nginx: NGINX configuration directory.

Now, setting a reverse proxy can be a somewhat cumbersome enterprise, as there are a number of network settings we need to go through, and files we need to update as we add sites/nodes behind our proxy.

That is, of course, unless we automate the whole thing using software containers…

Docker to the Rescue

Before we can start using software containers to automate our workflow, we first need to install Docker, which for Ubuntu is a fairly straightforward process.

Uninstall any old version:

$ sudo apt-get remove docker docker-engine docker.io

Install the latest Docker CE version:

$ sudo apt-get update
$ sudo apt-get install docker-ce

If you want to install a specific Docker version, or set up the Docker repository, see Get Docker CE for Ubuntu.

Setting the Network

Part of setting a reverse proxy infrastructure is properly setting networking rules.

So let’s create a network with Docker:

$ docker network create nginx-proxy

And believe it or not, the network is set!

NGINX-Proxy!

Now that we have Docker running on our Ubuntu server, we can streamline the process of installing, setting up the reverse proxy, and launching new sites.

Jason Wilder did an awesome job putting together a Docker image that does exactly that: jwilder/nginx-proxy, an automated NGINX proxy for Docker containers using docker-gen, that works perfectly out-of-the-box.

Here’s how you can run the proxy:

$ docker run -d -p 80:80 -p 443:443 --name nginx-proxy --net nginx-proxy -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy

Essentially:

  • we told Docker to run NGINX as a daemon/service (-d),

  • mapped the proxy’s HTTP and HTTPS ports (80 and 443) to the web server(s) ports behind it (-p 80:80 -p 443:443),

  • named the NGINX proxy for future reference (--name nginx-proxy),

  • used the network we previously set (--net nginx-proxy),

  • mapped the UNIX socket that the Docker daemon is listening on, to use it across the network (-v /var/run/docker.sock:/tmp/docker.sock:ro).

And believe it or not, the NGINX reverse proxy is up and running!

Launching Sites, Lots of Sites

Normally when using Docker you would launch a “containerized” application, be it a standard WordPress site, a specific Moodle configuration, or your own images with your own custom apps.

Launching a proxied container now is as easy as specifying your virtual domain with VIRTUAL_HOST=subdomain.yourdomain.com:

$ docker run -d --net nginx-proxy -e VIRTUAL_HOST=subdomain.yourdomain.com --name site_name your_docker_image

Where your_docker_image may be a WordPress site, your own web app, etc.

And believe it or not, your web app is online!

… but okay, let’s explain what just happened. jwilder/nginx-proxy transparently took care of creating all of the NGINX configuration files using the host name you provided, and doing all of the necessary network routing to the software container running your app; all of it with a single bash line. Isn’t that crazy?

Notice that the IP address that you’ll use to access your web apps will always be the same. The internal routing and settings for your sites have already been taken care of; you’ll just need to make sure that you’ve mapped your domains and subdomains appropriately to the proxy.
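
To make the host-name routing concrete, here is what you would write by hand to get the same result for two sites. This is an added example, not the file jwilder/nginx-proxy generates and not part of the original article; both host names and the 172.18.0.x container addresses are constructed.

```nginx
# Added example: hand-written equivalent of the routing the proxy automates.
# Constructed values: both host names and the 172.18.0.x container addresses.

# Catch-all: a request whose Host header matches no site is refused instead of
# being served by whichever site happens to be defined first.
server {
    listen 80 default_server;
    server_name _;
    return 503;
}

# Site 1: container started with -e VIRTUAL_HOST=blog.yourdomain.com
upstream blog.yourdomain.com {
    server 172.18.0.3:80;
}
server {
    listen 80;
    server_name blog.yourdomain.com;
    location / {
        proxy_pass http://blog.yourdomain.com;
        proxy_set_header Host            $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

# Site 2: container started with -e VIRTUAL_HOST=shop.yourdomain.com
upstream shop.yourdomain.com {
    server 172.18.0.4:80;
}
server {
    listen 80;
    server_name shop.yourdomain.com;
    location / {
        proxy_pass http://shop.yourdomain.com;
        proxy_set_header Host            $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

Both names resolve to the same proxy IP address; the Host header alone decides which container answers, which is why the DNS records for every domain and subdomain must point at the proxy.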

Extra Tip: Using Docker Compose

For those of you who are Docker power users, we can take the automation a little further with Docker Compose.

Putting everything together in a docker-compose.yml file:

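version: "2"

services:
  # The reverse proxy: publishes ports 80/443 and reads the Docker socket (read-only).
  nginx-proxy:
    image: jwilder/nginx-proxy
    networks:
      - nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro

  # A proxied site: VIRTUAL_HOST tells the proxy which host name routes here.
  app_name:
    container_name: your_app_name
    image: your_docker_image
    environment:
      # List entries use KEY=value; "- KEY: value" is rejected by Compose.
      - VIRTUAL_HOST=subdomain.yourdomain.com
    networks:
      - nginx-proxy

networks:
  # The network created earlier with "docker network create nginx-proxy".
  nginx-proxy:
    external:
      name: nginx-proxy
  back:
    driver: bridge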

Additionally, with Docker Compose you can also set pretty much all of the infrastructure that you need — databases, all of your apps each with their own Apache/NGINX configuration, etc. That is out of the scope for this article, but you can find more info in Overview of Docker Compose.

Resources

About Alibaba Cloud:

About NGINX:

About Docker:

Wrapping It Up

We just accomplished something quite elaborate—an infrastructure capable of managing hundreds of sites from a single entry point, with a strong focus on resource optimization, and an automated pipeline. Kudos!

As we mentioned, reverse proxies can be just the starting point when implementing server load balancing (SLB), a web application firewall (WAF), and even a content delivery network (CDN). We’ll get into more of that in the future.

Translated from: https://www.sitepoint.com/how-to-set-up-a-reverse-nginx-proxy-on-alibaba-cloud/
