實戰場景:網站上線,要保證在不影響原正式網站的前提下,部署一套網站的測試環境,供客戶測試;
網站域名:www.xxxxx.com
解決此問題有2中解決方案:
①通過域名+指定路徑的方式部署,即:www.xxxxx.com/test,客戶可以直接通過域名訪問測試環境;
②通過內網IP方式部署,即:選擇一臺nginx服務器,對測試環境做反向代理,客戶只能通過VPN+內網IP的方式訪問測試環境;
由於還需代理其他應用,所以第一種方式面臨的問題很多,結果我們選擇的第二種方式第二天被客戶pass,所以又不得不尋求其他的解決方案。
爲解決客戶要求,想到了2中解決方案:
①nginx代理網站子域名,映射到測試環境。即:不同的域名映射到不同的應用環境,這種方式需要申請子域名。
②nginx代理網站域名的8080端口,映射到測試環境。即:同一域名的不同端口映射到不同的應用環境,這種方式需要域名服務商開放8080端口。
客戶原因,選擇第二種方式。
下面是nginx.conf配置文件:
user nobody;
worker_processes 8;
error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
client_max_body_size 100m;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip on;
gzip_comp_level 6; # 壓縮比例,比例越大,壓縮時間越長。默認是1
gzip_types text/xml text/plain text/css application/javascript application/x-javascript application/rss+xml; # 哪些文件可以被壓縮
gzip_disable "MSIE [1-6]\."; # IE6無效
# 網站服務器列表
upstream uni-web {
server xx.x.x.109:8080;
}
# 網站英文版
upstream uni-web-en {
server xx.x.x.106:8080;
}
# pms服務器列表
upstream pms {
server xx.x.x.106:8090;
server xx.x.x.109:8090;
}
# 運營平臺服務器列表
upstream control {
server xx.x.x.105:8080;
}
#測試環境
server {
listen 8080;
server_name 你的域名;
#charset koi8-r;
access_log logs/host.8080.access.log main;
# 轉發所有請求
location / {
proxy_pass http://xx.x.x.107;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 80;
server_name 你的域名;
#charset koi8-r;
access_log logs/host.access.log main;
# 網站
location / {
proxy_pass http://uni-web;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# 英文網站
location /en {
proxy_pass http://uni-web-en;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# pms
location /pms {
proxy_pass http://pms;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# 運營平臺
location /cms {
proxy_pass http://control;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# jeecms 後臺管理網站
location /jeeadmin/ {
proxy_pass http://xx.x.x.107;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# rewrite ^(/jeeadmin/)$ /jeeadmin/jeecms/login.do break;
}
#location /apfel150.html {
# rewrite ^/(apfel150.html)$ /study/$1 last;
#}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location = /baidu_verify_CXOKsFqzpJ.html {
root html;
}
location = /baidusilian.txt {
root html;
}
location = /robots.txt {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
#設定查看Nginx狀態的地址 ,在安裝時要加上--with-http_stub_status_module參數
location /NginxStatus {
stub_status on;
access_log on;
auth_basic "NginxStatus";
auth_basic_user_file conf/htpasswd; #設置訪問密碼,htpasswd -bc filename username password
}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# 設置只允許通過域名訪問站點
server {
listen 80 default_server;
server_name _;
return 403;
}
}
第一種方式和這種配置一樣,融匯廣通。