我正在尝试运行Vault和consul,我正在使用nginx:
location /app {
deny all;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://vault-consul:8500;
}
location / {
deny all;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://vault-app:8200;
}
问题是当我重新启动 nginx 时; 然后点击
https://domai-name.com/app
,它会将我重定向到 https://domai-name.com/ui
,这是 vault-app
的用户界面,而不是 vault-consul
,您能帮忙吗?
可以将 Consul 和 Vault 托管在单个
/ui/<app>
路径后面,并根据 HTTP Referer 标头有选择地将流量代理到正确的应用程序。该解决方案最初由 GitHub 用户 radioipcloud 在 https://github.com/hashicorp/consul/issues/11627 中分享。
操作员可能希望将 Vault 和 Consul UI 放置在 nginx 代理后面的同一主机名下,并通过诸如
<hostname>/ui/<consul/vault>/
之类的 URL 路径访问它们。
location /ui {
if ($http_referer ~ (/ui/vault)) {
proxy_pass http://127.0.0.1:8200;
}
if ($http_referer ~ (/ui/consul)) {
proxy_pass http://127.0.0.1:8500;
}
}
location /v1 {
if ($http_referer ~ (/ui/vault)) {
proxy_pass http://127.0.0.1:8200;
}
if ($http_referer ~ (/ui/consul)) {
proxy_pass http://127.0.0.1:8500;
}
}
location /ui/vault/ {
proxy_pass http://127.0.0.1:8200/ui/;
}
location /ui/consul {
proxy_pass http://127.0.0.1:8500;
}
启动 consul 时请务必设置
-ui-content-path=/ui/consul/
。