我有以下 Nginx 配置
upstream artifactory_lb {
server main_server.com:8081 ;
server backup_server.com:8081 backup;
}
log_format upstreamlog '[$time_local] $remote_addr - $remote_user - $server_name to: $upstream_addr: $request upstream_response_time $upstream_response_time msec $msec request_time $request_time';
ssl_certificate /path/to/cert
ssl_certificate_key /path/to/key
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_session_cache shared:SSL:10m;
server {
listen 80;
listen 443 ssl;
client_max_body_size 2048M;
location / {
proxy_set_header Host $host;
proxy_pass http://artifactory_lb;
proxy_read_timeout 90;
}
access_log /var/log/nginx/access.log upstreamlog;
location /basic_status {
stub_status on;
allow all;
}
}
# Server configuration
server {
listen 2222 ssl;
server_name main_server.com;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
rewrite ^/(v1|v2)/(.*) /api/docker/inhouse_images/$1/$2;
client_max_body_size 0;
chunked_transfer_encoding on;
location / {
allow all;
proxy_read_timeout 900;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://main_server.com:8081/artifactory/;
}
}
请注意,“proxy_pass”指令指向服务器的单个实例,这会增加单点故障。有没有办法解决这个问题?
Nginx 配置可以有两组上游服务器吗?所以在这种情况下会是这样的
upstream artifactory_lb1 {
server main_server.com:8081 ;
server backup_server.com:8081 backup;
}
upstream artifactory_lb2 {
server main_server.com:8081/artifactory/;
server backup_server.com:8081/artifactory/ backup;
}
这被认为是一个好的做法吗?
正如@AlexeyTen所述,您可以简单地使用
proxy_pass http://artifactory_lb/artifactory/;
一般来说,如果您担心在配置 NGINX 时违反最佳实践,您应该始终通过静态分析器运行配置,例如https://github.com/coguardio/coguard-cli 如果您只是遵循清单,您可能会遇到人为错误。