Docker - How to Configure an HTTPS Reverse Proxy


Author: 红薯爱帅 | Published: 2021-07-08 21:30

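    1. Overview

    This article describes how to configure HTTPS for Sentry. There are two approaches; this article focuses on the second.

    • Sentry is a Django project, so HTTPS can be configured in uwsgi (see Reference 1 and Reference 2)
    • Put a load-balancing server, such as Nginx, in front of Sentry; this approach is more general

    2. Starting Nginx

    2.1. Generate the TLS certificate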

    mkdir certs
    # Self-signed certificate valid for 365 days; file names match the paths used in nginx.conf
    openssl req -newkey rsa:2048 -nodes -sha256 -keyout certs/sentry.com.key -x509 -days 365 -out certs/sentry.com.crt
    

    2.2. Create nginx.conf

    Two fields are added to log_format to measure how long the backend API takes.

    • $request_time, request processing time in seconds with a milliseconds resolution; time elapsed between the first bytes were read from the client and the log write after the last bytes were sent to the client
    • $upstream_response_time, keeps time spent on receiving the response from the upstream server; the time is kept in seconds with millisecond resolution.

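    From the descriptions above, $request_time is necessarily larger than $upstream_response_time, especially when the client submits a large payload via POST or when the response body is large. When the client's network conditions are poor, $request_time is inflated further.

    Reference: https://www.cnblogs.com/thatsit/p/7078210.html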

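    # User that nginx runs as
    user  nginx;
    # Number of worker processes; usually set equal to the number of CPUs
    worker_processes  1;
    
    # Locations of the global error log and the PID file
    error_log  /var/log/nginx/error.log warn;
    pid        /var/run/nginx.pid;
    
    # Working mode and connection limit
    events {
        # Maximum number of concurrent connections per worker process: 1024
        worker_connections  1024;
    }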
    
    http {
        # MIME types
        include       /etc/nginx/mime.types;
        default_type  application/octet-stream;
    
        # Log format
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent $request_time[$upstream_response_time] "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';
    
        access_log  /var/log/nginx/access.log  main;
    
        sendfile        on;
        #tcp_nopush     on;
    
        # Keep-alive connection timeout
        keepalive_timeout  65;
    
        # Enable GZIP compression
        #gzip  on;
    
        server {
            listen 80;
            server_name mywebsite.com;
            rewrite ^(.*)$ https://${server_name}$1 permanent;
        }
    
        server {
            listen 443 ssl;
            server_name  mywebsite.com;             # domain name
    
            # Enable TLS
            ssl_certificate /ssl/sentry.com.crt;
            ssl_certificate_key /ssl/sentry.com.key;
    
            ssl_session_cache    shared:SSL:1m;
            ssl_session_timeout  5m;
    
            # Allow only TLS 1.2 and 1.3; SSLv2 and SSLv3 are broken and must not be enabled
            ssl_protocols  TLSv1.2 TLSv1.3;
    
            ssl_ciphers  HIGH:!aNULL:!MD5;   # cipher suites
            ssl_prefer_server_ciphers  on;   # server cipher preference takes precedence over the client's
    
            # Proxy all requests to the backend
            location / {
                proxy_pass         http://10.211.28.94:9090;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }
    
            # Redirect server error pages to /50x.html
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   /usr/share/nginx/html;
            }
        }
    
    }
    

    2.3. Start Nginx

    • Directory layout
    $ tree .
    .
    ├── certs
    │   ├── sentry.com.crt
    │   └── sentry.com.key
    ├── launch.sh
    ├── logs
    │   ├── access.log
    │   └── error.log
    └── nginx.conf
    
    • Launch script
    # Stop the previous container if it is running
    docker stop infra-nginx
    
    docker run -d --rm \
            --name infra-nginx \
            -p 443:443 \
            -p 80:80 \
            -v "$(pwd)"/nginx.conf:/etc/nginx/nginx.conf:ro \
            -v "$(pwd)"/logs:/var/log/nginx/:rw \
            -v "$(pwd)"/certs/:/ssl/:ro \
            nginx
    

    3. Testing

    Open a local browser and visit https://sentry-service; Nginx writes log entries like the following.

    $ tail -f logs/access.log
    10.210.10.153 - - [06/Jul/2021:02:44:53 +0000] "POST /api/4/store/?sentry_key=b8fd92aebc66&sentry_version=7 HTTP/1.1" 200 41 0.015[0.003] "http://localhost:8000/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" "-"
    10.210.10.153 - - [06/Jul/2021:02:44:53 +0000] "POST /api/4/store/?sentry_key=b8fd92aebc66&sentry_version=7 HTTP/1.1" 200 41 0.011[0.003] "http://localhost:8000/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" "-"
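
An added example (not part of the original post): a parser for the `main` log_format from section 2.2 that separates `$upstream_response_time` from the rest of `$request_time`, so a slow backend can be told apart from a slow client. The sample lines are constructed, and the function names are this example's own.

```python
import re
from collections import defaultdict
# Mirrors the page's `main` log_format, including "$request_time[$upstream_response_time]".
LINE_RE = re.compile(
    r'(?P<addr>\S+) - (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) (?P<rt>[\d.]+)\[(?P<urt>[^\]]*)\] '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)" "(?P<xff>[^"]*)"'
)

# Constructed sample lines (EXAMPLEKEY is a placeholder, not a real key).
SAMPLE = [
    '10.0.0.5 - - [06/Jul/2021:02:44:53 +0000] "POST /api/4/store/?sentry_key=EXAMPLEKEY&sentry_version=7 HTTP/1.1" 200 41 0.015[0.003] "-" "curl/7.68.0" "-"',
    '10.0.0.5 - - [06/Jul/2021:02:44:54 +0000] "POST /api/4/store/?sentry_key=EXAMPLEKEY&sentry_version=7 HTTP/1.1" 200 41 1.250[0.004] "-" "curl/7.68.0" "-"',
    '10.0.0.7 - - [06/Jul/2021:02:44:55 +0000] "GET / HTTP/1.1" 301 169 0.000[-] "-" "curl/7.68.0" "-"',
]

def parse_line(line):
    """Return a dict for one access-log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["request_time"] = float(rec.pop("rt"))
    # "-" = no upstream contacted (e.g. the port-80 redirect); multiple attempts are summed.
    parts = [p.strip() for p in re.split(r"[,:]", rec.pop("urt")) if p.strip() not in ("", "-")]
    rec["upstream_time"] = sum(map(float, parts)) if parts else None
    # Drop the query string so values such as sentry_key stay out of reports.
    rec["path"] = rec["uri"].split("?", 1)[0]
    return rec

def client_overhead(rec):
    """Seconds of $request_time not spent waiting on the upstream."""
    if rec["upstream_time"] is None:
        return None
    return round(rec["request_time"] - rec["upstream_time"], 3)

def summarize(lines):
    """Per path: request count, worst upstream time, worst client overhead."""
    stats = defaultdict(lambda: {"count": 0, "max_upstream": 0.0, "max_overhead": 0.0})
    for rec in filter(None, map(parse_line, lines)):
        if rec["upstream_time"] is None:
            continue
        s = stats[rec["path"]]
        s["count"] += 1
        s["max_upstream"] = max(s["max_upstream"], rec["upstream_time"])
        s["max_overhead"] = max(s["max_overhead"], client_overhead(rec))
    return dict(stats)
```

Calling `summarize(SAMPLE)` reports a worst upstream time of 0.004 s but a worst client overhead of 1.246 s for `/api/4/store/`, which points at the client side rather than Sentry.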
    
