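Background
A SaaS system is being deployed privately in the customer's OpenShift environment, and some of its applications need to reach the internet. The customer is a bank-type organization with strict network controls, so network access can only be opened point-to-point. To open and manage that access in one place, a forward proxy is used so that applications inside the containers can reach the internet.
The rough idea: inside the containers, configure hostnames entries that resolve the domain names, with the IP pointing at the proxy server.
On the proxy server, open the port policies for internet access in one place.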
1. Download nginx
yum install -y wget
wget http://nginx.org/download/nginx-1.21.0.tar.gz
2. Install the tools needed to compile nginx
yum install gcc gcc-c++ make automake autoconf libtool pcre pcre-devel zlib zlib-devel openssl openssl-devel --setopt=protected_multilib=false
3. Manually create the user and group
groupadd nginx
useradd nginx -g nginx -s /sbin/nologin -M
4. Create the install directory and extract the archive
mkdir -p /home/nginx
tar -xf nginx-1.21.0.tar.gz -C /home/nginx
cd /home/nginx
mv nginx-1.21.0/ nginx-server
mkdir -p /home/nginx/nginx-server/logs
5. Compile and install
cd nginx-server
./configure --prefix=/home/nginx/nginx-server --with-http_stub_status_module --with-http_ssl_module --user=nginx --group=nginx --with-stream --with-stream_ssl_preread_module --with-stream_ssl_module
make && make install
6. Edit the configuration file
user nginx;
worker_processes 1;
events {
    worker_connections 2048;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 300;
    # Layer 7 proxy
    server {
        listen 80;
        # This is the DNS server IP
        resolver 10.96.26.28;
        access_log /home/nginx/nginx-server/logs/http_proxy.log;
        location / {
            proxy_pass $scheme://$http_host$request_uri;
            proxy_set_header Host $host;
            proxy_connect_timeout 60;
        }
    }
    include /home/nginx/nginx-server/conf.d/*.conf;
}
# Layer 4 proxy
stream {
    log_format basic '$remote_addr [$time_local] '
                     '$protocol $status $bytes_sent $bytes_received '
                     '$session_time';
    log_format test '--$remote_addr [$time_local] '
                    '--$ssl_preread_server_name $server_port --serveraddr:$server_addr --hostname:$hostname'
                    '--$ssl_server_name $ssl_server_name';
    access_log /home/nginx/nginx-server/logs/stream-access.log basic;
    access_log /home/nginx/nginx-server/logs/stream-test.log test;
    # This is the DNS server IP
    resolver 10.96.26.28;
    server {
        listen 443;
        ssl_preread on;
        proxy_connect_timeout 60;
        proxy_pass $ssl_preread_server_name:$server_port;
    }
}
7. Create a symlink
ln -s /home/nginx/nginx-server/sbin/nginx /usr/sbin/
8. Test the configuration file
nginx -t
9. Start nginx
nginx
10. Stop nginx
nginx -s stop
11. Hot-reload the configuration file
nginx -s reload
12. Configure the service to start at boot
crontab -e
Add the following two lines
# autostart nginx
@reboot /home/nginx/nginx-server/sbin/nginx -t && /home/nginx/nginx-server/sbin/nginx
13. Check the autostart cron entry
crontab -l
14. Verify that the service is running
ps -ef |grep nginx
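An added example, not part of the original post: the stream block in step 6 forwards whatever SNI name a client sends, from any client that can reach port 443. The variant below could replace that block to limit both the clients and the destinations. The client network 10.128.0.0/14, the names api.example.com and *.example.org, and the local reject port 8444 are placeholders chosen for illustration.

```nginx
# Layer 4 proxy, restricted (added example; replaces the stream block in step 6)
stream {
    # Map the SNI name read from the ClientHello to an upstream.
    # Names that are not listed, and clients that send no SNI,
    # fall through to the local reject server below.
    map $ssl_preread_server_name $allowed_upstream {
        hostnames;
        default            127.0.0.1:8444;               # placeholder reject port
        api.example.com    api.example.com:443;          # placeholder exact name
        *.example.org      $ssl_preread_server_name:443; # placeholder wildcard
    }

    # Log the requested name next to the upstream actually chosen,
    # so rejected destinations show up as 127.0.0.1:8444 in the log.
    log_format audit '$remote_addr [$time_local] '
                     'sni:$ssl_preread_server_name upstream:$allowed_upstream '
                     '$status $bytes_sent $bytes_received $session_time';
    access_log /home/nginx/nginx-server/logs/stream-access.log audit;

    # DNS server IP, as in the original configuration
    resolver 10.96.26.28;

    server {
        listen 443;
        # Only the container network may use the proxy (placeholder CIDR)
        allow 10.128.0.0/14;
        deny  all;
        ssl_preread on;
        proxy_connect_timeout 60;
        proxy_pass $allowed_upstream;
    }

    # Reject server: closes the connection without sending any data
    server {
        listen 127.0.0.1:8444;
        return "";
    }
}
```

Run nginx -t after editing, then nginx -s reload; the same allow/deny lines can be added to the port 80 server in the http block.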