CENTOS RPM 安装后, Nginx 默认配置文件在:/opt/nginx/nginx.conf, 在 http 指令块中新增代理配置
配置文件参考:
upstream qt_server { #添加QT节点,上面必须部署ingress-controller server 11.123.11.192:80 weight=1; server 11.223.11.144:80 weight=1; server 11.223.11.194:80 weight=1; server 11.223.11.195:80 weight=1; server 11.223.11.196:80 weight=1; server 11.223.11.197:80 weight=1; server 11.223.11.198:80 weight=1; } server { #监听的80端口 listen 80; #请按客户需求添加, 不需要暴露的域名不要添加 #默认所有请求代理到k8s集群 location / { proxy_pass http://qt_server; #后端的Web服务器可以通过X-Forwarded-For获取用户真实IP proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } #https服务,默认由客户提供证书 server { #监听443端口 listen 443; #请按客户需求添加, 不需要暴露的域名不要添加 server_name qt.fcsc.com track.fcsc.com minio-console.emas-poc.com grafana-console.emas-poc.com prometheus.emas-poc.com; #https证书配置, 需要加签server_name 中的域名 ssl_certificate /etc/nginx/cert/server.crt; ssl_certificate_key /etc/nginx/cert/server.key; #ssl其它配置, 按需修改 ssl_prefer_server_ciphers on; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #定义算法 ssl_ciphers 'EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4'; #默认所有请求代理到k8s集群 location / { proxy_pass http://qt_server; #后端的Web服务器可以通过X-Forwarded-For获取用户真实IP proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }
测试配置文件:
/opt/nginx/sbin/nginx -t
停止命令:
/opt/nginx/sbin/nginx nginx -s stop
启动命令:
/opt/nginx/sbin/nginx
重新加载配置:
/opt/nginx/sbing/nginx -s reload