server {
listen 9081 ssl;
server_name rancher.XXXX.com;
ssl_certificate /usr/local/nginx/cert/rancher.XXXX.com.pem;
ssl_certificate_key /usr/local/nginx/cert/rancher.XXXX.com.key;
location / {
proxy_pass https://10.173.113.42:8443;
proxy_set_header Host $host:9081;
proxy_redirect off;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE';
add_header 'Access-Control-Allow-Credentials' 'true';
if ( $request_method = 'OPTIONS' ){
return 200;
}
}
location ~* /(exec|subscribe|log)$ {
proxy_pass https://10.173.113.42:8443;
proxy_set_header Host $host:9081;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE';
add_header 'Access-Control-Allow-Credentials' 'true';
if ( $request_method = 'OPTIONS' ){
return 200;
}
}
}
location / 是https转发
location /k8s 是对web socket进行转发
域名:https://rancher.XXXX.com
rancher地址:https://10.173.113.42:8443
ranhcer是通过docker部署的,rancher的内网地址是一个https地址,上面的配置是将https请求转发rancher的,具体为:https://rancher.XXXX.com代理到https://10.173.113.42:8443中.