实战场景:网站上线,要保证在不影响原正式网站的前提下,部署一套网站的测试环境,供客户测试;
网站域名:www.xxxxx.com
解决此问题有2中解决方案:
①通过域名+指定路径的方式部署,即:www.xxxxx.com/test,客户可以直接通过域名访问测试环境;
②通过内网IP方式部署,即:选择一台nginx服务器,对测试环境做反向代理,客户只能通过VPN+内网IP的方式访问测试环境;
由于还需代理其他应用,所以第一种方式面临的问题很多,结果我们选择的第二种方式第二天被客户pass,所以又不得不寻求其他的解决方案。
为解决客户要求,想到了2中解决方案:
①nginx代理网站子域名,映射到测试环境。即:不同的域名映射到不同的应用环境,这种方式需要申请子域名。
②nginx代理网站域名的8080端口,映射到测试环境。即:同一域名的不同端口映射到不同的应用环境,这种方式需要域名服务商开放8080端口。
客户原因,选择第二种方式。
下面是nginx.conf配置文件:
user nobody;
worker_processes 8;
error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
client_max_body_size 100m;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip on;
gzip_comp_level 6; # 压缩比例,比例越大,压缩时间越长。默认是1
gzip_types text/xml text/plain text/css application/javascript application/x-javascript application/rss+xml; # 哪些文件可以被压缩
gzip_disable "MSIE [1-6]\."; # IE6无效
# 网站服务器列表
upstream uni-web {
server xx.x.x.109:8080;
}
# 网站英文版
upstream uni-web-en {
server xx.x.x.106:8080;
}
# pms服务器列表
upstream pms {
server xx.x.x.106:8090;
server xx.x.x.109:8090;
}
# 运营平台服务器列表
upstream control {
server xx.x.x.105:8080;
}
#测试环境
server {
listen 8080;
server_name 你的域名;
#charset koi8-r;
access_log logs/host.8080.access.log main;
# 转发所有请求
location / {
proxy_pass http://xx.x.x.107;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 80;
server_name 你的域名;
#charset koi8-r;
access_log logs/host.access.log main;
# 网站
location / {
proxy_pass http://uni-web;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# 英文网站
location /en {
proxy_pass http://uni-web-en;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# pms
location /pms {
proxy_pass http://pms;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# 运营平台
location /cms {
proxy_pass http://control;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# jeecms 后台管理网站
location /jeeadmin/ {
proxy_pass http://xx.x.x.107;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# rewrite ^(/jeeadmin/)$ /jeeadmin/jeecms/login.do break;
}
#location /apfel150.html {
# rewrite ^/(apfel150.html)$ /study/$1 last;
#}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location = /baidu_verify_CXOKsFqzpJ.html {
root html;
}
location = /baidusilian.txt {
root html;
}
location = /robots.txt {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
#设定查看Nginx状态的地址 ,在安装时要加上--with-http_stub_status_module参数
location /NginxStatus {
stub_status on;
access_log on;
auth_basic "NginxStatus";
auth_basic_user_file conf/htpasswd; #设置访问密码,htpasswd -bc filename username password
}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# 设置只允许通过域名访问站点
server {
listen 80 default_server;
server_name _;
return 403;
}
}
第一种方式和这种配置一样,融汇广通。