nginx配置案例一:
訪問地址:http://mbuy.bbc.com/h5cdn/#/buy/userInfo
mbuy.bbc.com站點nginx配置(mbuy.bbc.com.conf ):
##mbuy.bbc.com###
upstream mbuy_server {
server 10.12.25.186:8085 max_fails=1 fail_timeout=300s ;
}
upstream mbuy_hcdn {
server 10.12.25.186:80 max_fails=1 fail_timeout=300s;
}
server {
listen 80;
listen 443;
server_name mbuy.bbc.com;
ssl on;
ssl_certificate /etc/nginx/ssl/bbc.com/bbc.com.crt;
ssl_certificate_key /etc/nginx/ssl/bbc.com/bbc.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXP;
ssl_prefer_server_ciphers on;
keepalive_timeout 60;
server_tokens off;
proxy_hide_header X-Powered-By;
proxy_hide_header X-AspNet-Version;
index default.htm index.html index.htm default.html;
gzip on;
access_log /file/logs/mbuy.bbc.com/mbuy.bbc.com.access.log main;
location / {
if ($request_method = OPTIONS ) {
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "POST, GET, PUT, OPTIONS, DELETE";
add_header Access-Control-Max-Age "3600";
add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization";
add_header Access-Control-Allow-Credentials "true";
add_header Content-Length 0;
add_header Content-Type text/plain;
return 200;
}
proxy_pass http://mbuy_server/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /h5cdn/ {
proxy_pass http://mbuy_hcdn/;
}
location /h5 {
proxy_pass http://10.134.16.195/h5/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
#nginx配置案例二:
A.安裝與配置:
1.從官網下載windos版本nginx程序:
下載鏈接:http://nginx.org/en/download.html
安裝說明:http://nginx.org/en/docs/windows.html
a.以nginx-1.15.8.zip爲例,下載後解壓到D:\Program Files\目錄,並啓動:
cd D:\Program Files\nginx-1.15.8
unzip nginx-1.15.8.zip
cd nginx-1.15.8
start nginx
b.使用 tasklist命令查看nginx進程:
D:\Program Files\nginx-1.15.8>tasklist /fi "imagename eq nginx.exe"
Image Name PID Session Name Session# Mem Usage
=============== ======== ============== ========== ============
nginx.exe 652 Console 0 2 780 K
nginx.exe 1332 Console 0 3 112 K
2.常用命令:
nginx -s stop fast shutdown
nginx -s quit graceful shutdown
nginx -s reload changing configuration, starting new worker processes with a new configuration, graceful shutdown of old worker processes
nginx -s reopen re-opening log files
3.日誌說明:
訪問日誌:D:\Program Files\nginx-1.15.8\logs\access.log
nginx啓動日誌:D:\Program Files\nginx-1.15.8\logs\error.log
4.配置說明:D:\Program Files\nginx-1.15.8\conf\nginx.conf 文件內容如下:
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
upstream mbuy_server {
server 127.0.0.1:8484 max_fails=1 fail_timeout=300s ;
}
upstream mbuy_server1 {
server 10.14.26.18:8090 max_fails=1 fail_timeout=300s ;
}
server {
listen 8090;
server_name 127.0.0.1;
#charset koi8-r;
#access_log logs/host.access.log main;
#當訪問127.0.0.1:8090轉發代理
location / {
if ($request_method = OPTIONS ) {
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "POST, GET, PUT, OPTIONS, DELETE";
add_header Access-Control-Max-Age "3600";
add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization";
add_header Access-Control-Allow-Credentials "true";
add_header Content-Length 0;
add_header Content-Type text/plain;
return 200;
}
proxy_pass http://mbuy_server1/;
index index.html index.htm;
}
#通過/mbuyApi來標識轉發的代理
location /mbuyApi {
proxy_pass http://mbuy_server/mbuyApi;
index index.html index.htm;
}
}
}
B.應用場景:
前置條件:
【測試環境】:
1.靜態資源應用部署10.14.26.18:8090 機器上,訪問路徑:http://10.14.26.18:8090/h5/index.html#/signon
2.提供給靜態資源應用訪問的應用(接口)部署10.25.26.95:8091機器上,訪問路徑:http://10.25.26.95:8091/mbuyApi/IBuyService/orderById
注意:測試環境環境做了nginx代理配置,訪問http://10.14.26.18:8090/mbuyApi/IBuyService/orderById 會被代理到http://10.25.26.95:8091/mbuyApi/IBuyService/orderById。
【本地環境】
1.提供給靜態資源應用訪問的應用(接口)部署127.0.0.1:8484機器上,訪問路徑:http://127.0.0.1:8484/mbuyApi/IBuyService/orderById
目標訴求:
想通過本機的nginx代理來實現10.14.26.18:8090機器上靜態資源,訪問接口時調用到本地127.0.0.1:8484機器上接口來實現本地聯調。
案例舉例:
通過訪問本機(127.0.0.1)的8090端口鏈接時來代理 10.114.26.188:8090訪問,並同時將請求的接口代理到127.0.0.1:8484機器上
http://127.0.0.1:8090/h5/index.html#/signon 被代理到 http://10.14.26.18:8090/h5/index.html#/signon
http://10.14.26.18:8090/mbuyApi/IBuyService/orderById 訪問被代理到 http://127.0.0.1:8484/mbuyApi/IBuyService/orderById
三.啓動:
配置完成後,進行nginx重啓與檢查
1)重啓nginx命令: nginx -s reload
2)檢查nginx命令: nginx -t
權限:
1.採集接口token流程:
a.請求流程:
APP端balana頁 -> AC -> H5頁 -> 採集接口
b.業務流信息:
APP根據登錄獲取的token&H5頁面url請求授權 -> 根據請求token進行驗證授權&寫入新token到cookie跳轉H5頁-> H5頁操作提交請求->採集接口從token獲取userId驗證。