一����、寫在前面
最近需要把阿里云上的四臺(tái)服務(wù)器的項(xiàng)目遷移到客戶提供的新的項(xiàng)目中,原來(lái)的四臺(tái)服務(wù)器中用到了一級(jí)域名和二級(jí)域名���。比如aaa.abc.com 和bbb.abc.com 和ccc.abc.com�����。其中aaa.abc.com登錄�,通過(guò)把cookie中的信息setDomain給.abc.com��。其他系統(tǒng)可以共享這個(gè)cookie���。但是新的四臺(tái)服務(wù)器中并沒(méi)有申請(qǐng)域名,只有四個(gè)ip:
192.168.0.1 單點(diǎn)登錄服務(wù)器
192.168.0.2
192.168.0.3
192.168.0.4
因?yàn)槊颗_(tái)服務(wù)器有兩個(gè)項(xiàng)目�����,都用到單點(diǎn)登錄,所以通過(guò)修改新的共享登錄方式花費(fèi)時(shí)間太多����,于是在網(wǎng)上搜cookie的跨域登錄,嘗試了下��,在192.168.0.1 單點(diǎn)登錄服務(wù)器中多次setDomain分別給2�、3、4服務(wù)器����,結(jié)果不理想,因?yàn)闉g覽器不允許����。后來(lái)無(wú)意中看到nginx可以通過(guò)欺騙的方式共享cookie。于是想到原來(lái)公司部署nginx還有這層用法�����。
二��、原來(lái)的nginx配置
先說(shuō)下nginx的安裝���,這個(gè)網(wǎng)上都有很多教程�,不在贅述,我是參照于在Linux里安裝���、啟動(dòng)nginx�。需要注意的是./configure后面的各種with�,我在配置啟動(dòng)過(guò)程遇到了一些問(wèn)題:
nginx: [emerg] unknown directive "aio" in
加上--with-file-aio
復(fù)制代碼 代碼如下:
Starting nginx: nginx: [emerg] the INET6 sockets are not supported on this platform in “[::]:80” of the
在后面加上--with-ipv6好使。
安裝完成后��。主要是nginx.conf的配置
原來(lái)服務(wù)器的配置nginx.conf:
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user root;
worker_processes 2;
worker_cpu_affinity 1000 0100;
error_log logs/error.log;
pid logs/nginx.pid;
events {
worker_connections 2048;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
gzip on;
gzip_min_length 1000;
gzip_buffers 4 8k;
gzip_types text/plain application/javascript application/x-javascript text/css application/xml;
client_max_body_size 8M;
client_body_buffer_size 128k;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include mime.types;
default_type application/octet-stream;
connection_pool_size 512;
aio on;
open_file_cache max=1000 inactive=20s;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
# 主要配置在這里�����,nginx.conf配置都是一樣
include /usr/local/nginx/conf/conf.d/*.conf;
server {
listen 80 default_server;
listen [::]:80 ipv6only=on default_server;
server_name _;
root html;
# Load configuration files for the default server block.
include /usr/local/nginx/conf/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
原來(lái)服務(wù)器的
conf.d/*.conf的配置是reverse-proxy.conf
server
{
listen 80;
server_name m.abc.com.cn;
location / {
root /usr/share/nginx/html/;
index index.html index.htm;
}
location ~ \.(jsp|do)?$ {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8084;
}
if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") {
return 403;
}
access_log /home/logs/nginx/m.abc.com.cn_access.log;
}
server
{
listen 80;
server_name store.abc.com.cn *.store.abc.com.cn;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8081;
}
access_log /home/logs/nginx/store.abc.com.cn_access.log;
}
server
{
listen 80;
server_name shopcenter.abc.com.cn;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://10.45.100.222:8082;
}
access_log /home/logs/nginx/shopcenter.abc.com.cn_access.log;
}
server
{
listen 80;
server_name search.abc.com.cn;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://10.45.100.68:8083;
}
access_log /home/logs/nginx/search.abc.com.cn_access.log;
}
以上配置后��,nginx啟動(dòng)后���,通過(guò)訪問(wèn)不同的域名來(lái)訪問(wèn)不同服務(wù)器�����。而因?yàn)槎加卸?jí)域名.abc.com.cn����。所以可以共享cookie���。
nginx的文件結(jié)構(gòu)為:
三���、修改后的nginx配置
主要是reverse-proxy.conf 不同
server
{
listen 9998;
server_name 192.168.0.1:9998;
location /servlets/ {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://192.168.0.1:8088;
}
location / {
root /usr/local/nginx/html/web/;
index index.html index.htm;
}
location ~ \.(jsp|do)?$ {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://192.168.0.1:8088;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 700s;
}
if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") {
return 403;
}
access_log /usr/local/nginx/logs/www.abc.com.cn_access.log;
}
server
{
listen 9994;
server_name 192.168.0.1:9994;
location / {
proxy_redirect off;
root /usr/local/nginx/html/weixin/;
index index.html index.htm;
}
location ~ \.(jsp|do)?$ {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8084;
}
if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") {
return 403;
}
access_log /usr/local/nginx/logs/m.abc.com.cn_access.log;
}
server
{
listen 9990;
server_name store.abc.com.cn *.store.abc.com.cn;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8081;
}
access_log /usr/local/nginx/logs/store.abc.com.cn_access.log;
}
server
{
listen 9992;
server_name 192.168.0.1:9992;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://192.168.0.2:8082;
}
access_log /usr/local/nginx/logs/shopcenter.abc.com.cn_access.log;
}
server
{
listen 9993;
server_name 192.168.0.1:9993;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://192.168.0.3:8083;
}
access_log /usr/local/nginx/logs/search.abc.com.cn_access.log;
}
這樣就可以把192.168.0.1:9998 當(dāng)做單點(diǎn)服務(wù)器,登錄后的domain都為192.168.0.1 ��。其他的0.2����、0.3都可以通過(guò)192.168.0.1nginx和單點(diǎn)服務(wù)器的不同端口訪問(wèn),那么就可以共享這個(gè)0.1的域名了���。
四�����、最后
好吧�,可能描述的不是那么清楚����,有點(diǎn)亂。我所做的工作就是把原來(lái)的nginx配置中的端口和域名改成新服務(wù)器中的唯一一個(gè)ip把這個(gè)ip當(dāng)做那個(gè)域名���,不同端口對(duì)應(yīng)不同二級(jí)域名����。
以上就是本文的全部?jī)?nèi)容,希望對(duì)大家的學(xué)習(xí)有所幫助�,也希望大家多多支持腳本之家。
