environment:
两台服务器:
本地服务器(local):centos7
具备公网ip 的云服务(cloud)centos7
通过内网穿透给两服务器创建一个网络通道
使用工具openvpn或frps,推荐openvpn,frps不知为何会占用很大的资源
(四)cloud配置nginx
因为我们只需要利用cloud的公网ip可以让外网访问local的资源,所以在构建完网络通道之后,只需要再在cloud配置一下nginx对请求进行转发便可完成需求。
我是对所有组件的请求、连接都通过这种转发的方式的,因为一开始我只想试一下。
还有另一种办法:在配置文件里直接配置各组件的local访问地址,只转发网络请求,这样更简单、高效(数据库等组件的端口也不必暴露在公网上)。但是我没这么做,所以以下对所有组件的请求、连接都是向公网ip发起,再转发到本地进行响应。
1 安装nginx
1 拉取镜像
# No tag is given, so Docker pulls nginx:latest; pin a specific tag or digest
# if the deployment has to be reproducible and reviewable.
docker pull nginx
2 添加配置文件
下面是https
# Create the configuration file
touch /path/nginx/nginx.conf
# Put the following content into the configuration file
# Connection-processing settings for the nginx worker processes.
events {
# Upper bound on simultaneous connections per worker process; this counts
# proxied upstream connections as well as client connections.
worker_connections 1024;
}
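# HTTP/HTTPS reverse proxy on the cloud host: requests that arrive on the
# public address are forwarded through the tunnel to the local server.
# Values such as 后端端口, 公网ip, cert/你的.pem, cloud-ip and minio-port are the
# author's placeholders and must be replaced before nginx will load the file.
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    rewrite_log on;

    # Request limits: bodies up to 50 MB, 10 MB buffered in memory, and one
    # minute to receive the request header / each part of the body.
    client_max_body_size 50m;
    client_body_buffer_size 10m;
    client_header_timeout 1m;
    client_body_timeout 1m;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_comp_level 4;
    gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
    gzip_vary on;

    # Blog back-end requests
    server {
        listen 后端端口;
        server_name 公网ip;

        # CORS allowlist. Echoing every $http_origin back together with
        # Access-Control-Allow-Credentials: true lets any website read
        # authenticated responses in a logged-in visitor's browser, so the
        # Origin is reflected only when it is one of this site's own front ends.
        # nginx does not emit add_header lines whose value is empty, so other
        # origins receive no CORS headers at all.
        # Adjust the pattern if the front end is served from another origin
        # (for example the plain-HTTP variant of this setup).
        set $cors_origin "";
        set $cors_credentials "";
        if ($http_origin ~ "^https://(www|adm)\.cclucky\.top$") {
            set $cors_origin $http_origin;
            set $cors_credentials "true";
        }

        # NOTE(review): this listener has no `ssl`, so credentialed API
        # traffic on this port crosses the internet unencrypted; confirm
        # whether it should be served over TLS like the front end.

        location / {
            add_header 'Access-Control-Allow-Origin' $cors_origin always;
            add_header 'Access-Control-Allow-Credentials' $cors_credentials always;
            # The response depends on the Origin header; tell caches so.
            add_header 'Vary' 'Origin' always;
            proxy_pass http://10.0.0.6:后端端口/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
        }

        location /api/ {
            add_header 'Access-Control-Allow-Origin' $cors_origin always;
            add_header 'Access-Control-Allow-Credentials' $cors_credentials always;
            add_header 'Vary' 'Origin' always;
            # Strip the /api/ prefix before the request is forwarded.
            rewrite ^/api/(.*)$ /$1 break;
            proxy_pass http://10.0.0.6:后端端口/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
        }
    }

    # Front end over HTTPS
    server {
        listen 443 ssl;
        server_name www.cclucky.top;
        # `ssl on;` is not needed: `listen 443 ssl` already enables TLS.
        ssl_certificate cert/你的.pem;
        ssl_certificate_key cert/你的.key;
        ssl_session_timeout 5m;
        # NOTE(review): the broad `AES` and `HIGH` groups still admit CBC-mode
        # and static-RSA key-exchange suites; consider narrowing the list to
        # ECDHE + AEAD suites.
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;

        location / {
            # Forwards to the port-80 server block below, which in turn
            # forwards to the local server through the tunnel.
            proxy_pass http://localhost:80/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

    # Plain-HTTP listener for www. It is also reachable from outside and does
    # not redirect to HTTPS. It sets no X-Real-IP / X-Forwarded-For, so for
    # requests that arrive directly on port 80 any such header supplied by the
    # client is passed to the back end unchanged; the back end should not
    # trust those headers for access decisions.
    server {
        listen 80;
        server_name www.cclucky.top;

        location / {
            proxy_pass http://10.0.0.6:80;
        }
    }

    # Admin front end over HTTPS
    server {
        listen 443 ssl;
        server_name adm.cclucky.top;
        # `ssl on;` is not needed: `listen 443 ssl` already enables TLS.
        ssl_certificate cert/你的.pem;
        ssl_certificate_key cert/你的.key;
        ssl_session_timeout 5m;
        # NOTE(review): same broad cipher string as the www server; see above.
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;

        location / {
            proxy_pass http://localhost:80/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

    # Plain-HTTP listener for the admin host; the same caveats as the www
    # port-80 block apply. NOTE(review): an admin interface reachable over
    # unencrypted HTTP deserves a second look.
    server {
        listen 80;
        server_name adm.cclucky.top;

        location / {
            proxy_pass http://10.0.0.6:80;
        }
    }

    # minio
    server {
        listen 443 ssl;
        server_name minio.cclucky.top;
        ssl_certificate cert/你的.pem;
        ssl_certificate_key cert/你的.key;
        # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered.
        ssl_protocols TLSv1.2 TLSv1.3;
        # Do not change the order of the cipher list below
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;

        location / {
            proxy_pass http://cloud-ip:minio-port;
            # Remember to include the three headers below
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}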
# Layer-4 (TCP) forwarding: each `server` below accepts connections on the
# cloud host and relays the raw byte stream to the matching upstream address.
# Every `listen` names only a port, so nginx binds it on all addresses of the
# host, including the public one. This block contains no `allow`/`deny`
# rules, so who can reach MySQL, Redis, RabbitMQ and MinIO through these ports
# is decided entirely by the firewall / security-group rules and by each
# service's own authentication (Redis in particular accepts unauthenticated
# clients unless a password or ACL is configured on it).
# `hash $remote_addr consistent` selects the upstream server by client
# address; with a single server per upstream it has no balancing effect.
stream {
# NOTE(review): this upstream points at 10.8.0.6 while every other one uses
# 10.0.0.6 - confirm which tunnel address is intended.
upstream mysql {
hash $remote_addr consistent;
server 10.8.0.6:3306 weight=5 max_fails=3 fail_timeout=30s;
}
# MySQL: 10 s to connect to the upstream, sessions closed after 200 s idle.
server {
listen 3306;
proxy_connect_timeout 10s;
proxy_timeout 200s;
proxy_pass mysql;
}
upstream redis {
hash $remote_addr consistent;
server 10.0.0.6:6379 weight=5 max_fails=3 fail_timeout=30s;
}
# Redis
server {
listen 6379;
proxy_connect_timeout 10s;
proxy_timeout 200s;
proxy_pass redis;
}
upstream rabbitmq {
hash $remote_addr consistent;
server 10.0.0.6:5672 weight=5 max_fails=3 fail_timeout=30s;
}
# RabbitMQ (AMQP)
server {
listen 5672;
proxy_connect_timeout 10s;
proxy_timeout 200s;
proxy_pass rabbitmq;
}
# NOTE(review): MinIO's S3 API listens on 9000 by default; confirm that the
# `minio-console` / `minio-api` names are not swapped for this installation.
upstream minio-console {
hash $remote_addr consistent;
server 10.0.0.6:9000 weight=5 max_fails=3 fail_timeout=30s;
}
server {
listen 9000;
proxy_connect_timeout 10s;
proxy_timeout 200s;
proxy_pass minio-console;
}
upstream minio-api {
hash $remote_addr consistent;
server 10.0.0.6:9090 weight=5 max_fails=3 fail_timeout=30s;
}
server {
listen 9090;
proxy_connect_timeout 10s;
proxy_timeout 200s;
proxy_pass minio-api;
}
# This upstream is not referenced by any `server` in this block.
upstream blog-front {
hash $remote_addr consistent;
server 10.0.0.6:80 weight=5 max_fails=3 fail_timeout=30s;
}
}
注意:以上ip和端口都是瞎写的,请根据实际情况来配置,证书可以在腾讯云申请(免费)
http版只需要别监听ssl的443端口就可以了,多余的配置删除
记得在防火墙上开放cloud需要用到的端口,并添加白名单,只允许可信的来源ip访问(尤其是3306、6379、5672、9000、9090这些数据库和中间件端口)
最后说一下,这个nginx.conf写得比较差,大佬们可以优化一下
3 运行nginx容器
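# The two commands below are alternatives (both use --name nginx): run one.
# The configuration is mounted read-only so a process inside the container
# cannot rewrite it.

# Variant 1 - publish port 80 only (for the plain-HTTP version of nginx.conf)
docker run --name nginx --restart=always -p 80:80 -d -v /path/nginx/nginx.conf:/etc/nginx/nginx.conf:ro nginx

# Variant 2 - host networking: every port that nginx.conf listens on is bound
# directly on the cloud host, so the host firewall is the only filter in front
# of them. The HTTPS configuration references cert/你的.pem relative to
# /etc/nginx, so the certificate directory has to be mounted as well;
# /path/nginx/cert is an example host path - use wherever the files live.
docker run --name nginx --restart=always --net="host" -d -v /path/nginx/nginx.conf:/etc/nginx/nginx.conf:ro -v /path/nginx/cert:/etc/nginx/cert:ro nginx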