nginx 配置kong集群
如果route设置的匹配规则是 header里面的Host,Nginx在转发请求的时候需要加上,否则请求的host会被过滤掉,导致kong的route(匹配规则是Host的route)不能匹配到正确的service:
Nginx的ssl模块必须安装OpenSSL:
yum install -y openssl openssl-devel
yum install -y pcre pcre-devel
nginx需要支持ssl模块,用来代理kong的https的8443端口
./configure --prefix=/usr/local/nginx \
--conf-path=/usr/local/nginx/conf/nginx.conf \
--error-log-path=/usr/local/nginx/logs/error.log \
--http-log-path=/usr/local/nginx/logs/access.log \
--pid-path=/usr/local/nginx/pids/nginx.pid \
--lock-path=/usr/local/nginx/locks/nginx.lock \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--http-client-body-temp-path=/usr/local/nginx/tmp/client \
--http-proxy-temp-path=/usr/local/nginx/tmp/proxy \
--http-fastcgi-temp-path=/usr/local/nginx/tmp/fastcgi \
--http-uwsgi-temp-path=/usr/local/nginx/tmp/uwsgi \
--http-scgi-temp-path=/usr/local/nginx/tmp/scgi
server {
listen 443;
server_name oauth2_token;
ssl on;
ssl_certificate /usr/local/kong/ssl/kong-default.crt;
ssl_certificate_key /usr/local/kong/ssl/kong-default.key;
location / {
proxy_set_header Host $host;
proxy_pass https://kong_oauth2_token;
}
}
Nginx和kong的ssl证书地址(本地证书):/usr/local/kong/ssl/kong-default.crt /usr/local/kong/ssl/kong-default.key