服务架构
loadbalance层配置
nginx初始配置
server {
listen 443;
server_name xxx.com;
ssl on;
ssl_certificate /etc/nginx/conf/xxx.com.pem;
ssl_certificate_key /etc/nginx/conf/xxx.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
#location / {
# root /usr/share/nginx/html;
# index index.html index.htm;
#}
location / {
proxy_pass http://x x x:y;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
测试后发现, 直接命令行curl xxx.com 或者 浏览器访问都是正常的,但是swagger无法访问
开始解决问题
页面检查发现swagger 访问的地址 变成了x x x:y, 可以确定是 代理 或请求转发 有问题,
从nginx作手 尝试 增加对 host 的绑定
server {
listen 443;
server_name xxx.com;
ssl on;
ssl_certificate /etc/nginx/conf/xxx.com.pem;
ssl_certificate_key /etc/nginx/conf/xxx.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_pass http://x x x:y;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
reload 之后 使用swagger访问 发现 访问地址变成了xxx.com:y, 设置代理的时候把端口 带上了,
尝试 指定 协议 和 代理端口
server {
listen 443;
server_name xxx.com;
ssl on;
ssl_certificate /etc/nginx/con/xxx.com.pem;
ssl_certificate_key /etc/nginx/conf/xxx.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_pass http://xxx:y;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
#proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
}
}
内部nginx配置
server {
listen y;
server_name xxx;
location / {
proxy_pass http://xxx:y;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
reload 之后 使用swagger访问, 此时已经可以正常返回
配置参考:https://github.com/abel1225/DevOps-Configuration/blob/master/nginx/config/nginx-swagger.conf