背景:如何使用8088端口将请求通过路由方式请求到不同后端code-server软件
1:自签SSL证书
openssl genrsa -out domain.key 2048 #小于2048时nginx -t会报错
openssl req -new -key server.key -out server.csr #根据server.key生成一个server.csr请求文件
#这里会出现以下对话
#Enter pass phrase for domain.key: # 之前设置的密码
#-----
#Country Name (2 letter code) [XX]:CN # 国家
#State or Province Name (full name) []:Jilin # 地区或省份
#Locality Name (eg, city) [Default City]:Changchun # 地区局部名
#Organization Name (eg, company) [Default Company Ltd]:Python # 机构名称
#Organizational Unit Name (eg, section) []:Python # 组织单位名称
#Common Name (eg, your name or your server's hostname) []:domain.com # 网站域名填nginx配置文件中server_name区域的域名或地址
#Email Address []:123@domain.com # 邮箱
#A challenge password []: # 私钥保护密码,可直接回车
#An optional company name []: # 一个可选公司名称,可直接回车
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt #根据请求文件签发crt文件
2:nginx配置
server {
listen 80;
listen 443 ssl http2;
server_name 127.0.0.1;
# ssl on; # 不建议使用! 该指令与listen中ssl参数功能相同.
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# 自动跳转到HTTPS
if ($server_port = 80) {
rewrite ^(.*)$ https://$host$1 permanent;
}
location /code01/ {
proxy_pass https://后端服务:8089/;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
client_max_body_size 200m;
add_header X-Cache $upstream_cache_status;
proxy_cache_key $uri$is_args$args;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_buffer_size 128k;
proxy_buffers 32 32k;
proxy_busy_buffers_size 128k;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
}
location /code02/ {
proxy_pass https://后端服务:8090/;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
client_max_body_size 200m;
add_header X-Cache $upstream_cache_status;
proxy_cache_key $uri$is_args$args;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_buffer_size 128k;
proxy_buffers 32 32k;
proxy_busy_buffers_size 128k;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
}
location /code03/ {
proxy_pass https://后端服务:8091/;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
client_max_body_size 200m;
add_header X-Cache $upstream_cache_status;
proxy_cache_key $uri$is_args$args;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_buffer_size 128k;
proxy_buffers 32 32k;
proxy_busy_buffers_size 128k;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
}
}
