一、寫在前面
最近需要把阿里云上的四臺服務(wù)器的項目遷移到客戶提供的新的項目中,原來的四臺服務(wù)器中用到了一級域名和二級域名。比如aaa.abc.com 和bbb.abc.com 和ccc.abc.com。其中aaa.abc.com登錄,通過把cookie中的信息setDomain給.abc.com。其他系統(tǒng)可以共享這個cookie。但是新的四臺服務(wù)器中并沒有申請域名,只有四個ip:
192.168.0.1 單點登錄服務(wù)器
192.168.0.2
192.168.0.3
192.168.0.4
因為每臺服務(wù)器有兩個項目,都用到單點登錄,所以通過修改新的共享登錄方式花費時間太多,于是在網(wǎng)上搜cookie的跨域登錄,嘗試了下,在192.168.0.1 單點登錄服務(wù)器中多次setDomain分別給2、3、4服務(wù)器,結(jié)果不理想,因為瀏覽器不允許。后來無意中看到nginx可以通過欺騙的方式共享cookie。于是想到原來公司部署nginx還有這層用法。
二、原來的nginx配置
先說下nginx的安裝,這個網(wǎng)上都有很多教程,不在贅述,我是參照于在Linux里安裝、啟動nginx。需要注意的是./configure后面的各種with,我在配置啟動過程遇到了一些問題:
|
1
|
nginx: [emerg] unknown directive "aio" in |
加上--with-file-aio
復(fù)制代碼 代碼如下:
Starting nginx: nginx: [emerg] the INET6 sockets are not supported on this platform in “[::]:80” of the
在后面加上--with-ipv6好使。
安裝完成后。主要是nginx.conf的配置
原來服務(wù)器的配置nginx.conf:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
# For more information on configuration, see:# * Official English Documentation: http://nginx.org/en/docs/# * Official Russian Documentation: http://nginx.org/ru/docs/user root;worker_processes 2;worker_cpu_affinity 1000 0100;error_log logs/error.log;pid logs/nginx.pid;events { worker_connections 2048;}http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log logs/access.log main; gzip on; gzip_min_length 1000; gzip_buffers 4 8k; gzip_types text/plain application/javascript application/x-javascript text/css application/xml; client_max_body_size 8M; client_body_buffer_size 128k; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include mime.types; default_type application/octet-stream; connection_pool_size 512; aio on; open_file_cache max=1000 inactive=20s; # Load modular configuration files from the /etc/nginx/conf.d directory. # See http://nginx.org/en/docs/ngx_core_module.html#include # for more information. # 主要配置在這里,nginx.conf配置都是一樣 include /usr/local/nginx/conf/conf.d/*.conf; server { listen 80 default_server; listen [::]:80 ipv6only=on default_server; server_name _; root html; # Load configuration files for the default server block. include /usr/local/nginx/conf/default.d/*.conf; location / { } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } }} |
原來服務(wù)器的
conf.d/*.conf的配置是reverse-proxy.conf
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
server{ listen 80; server_name m.abc.com.cn; location / { root /usr/share/nginx/html/; index index.html index.htm; } location ~ .(jsp|do)?$ { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://localhost:8084; } if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") { return 403; } access_log /home/logs/nginx/m.abc.com.cn_access.log;} server{ listen 80; server_name store.abc.com.cn *.store.abc.com.cn; location / { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://localhost:8081; } access_log /home/logs/nginx/store.abc.com.cn_access.log;}server{ listen 80; server_name shopcenter.abc.com.cn; location / { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://10.45.100.222:8082; } access_log /home/logs/nginx/shopcenter.abc.com.cn_access.log;} server{ listen 80; server_name search.abc.com.cn; location / { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://10.45.100.68:8083; } access_log /home/logs/nginx/search.abc.com.cn_access.log;} |
以上配置后,nginx啟動后,通過訪問不同的域名來訪問不同服務(wù)器。而因為都有二級域名.abc.com.cn。所以可以共享cookie。
nginx的文件結(jié)構(gòu)為:
三、修改后的nginx配置
主要是reverse-proxy.conf 不同
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
|
server{ listen 9998; server_name 192.168.0.1:9998; location /servlets/ { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://192.168.0.1:8088; } location / { root /usr/local/nginx/html/web/; index index.html index.htm; } location ~ .(jsp|do)?$ { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://192.168.0.1:8088; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_read_timeout 700s; } if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") { return 403; } access_log /usr/local/nginx/logs/www.abc.com.cn_access.log;}server{ listen 9994; server_name 192.168.0.1:9994; location / { proxy_redirect off; root /usr/local/nginx/html/weixin/; index index.html index.htm; } location ~ .(jsp|do)?$ { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://localhost:8084; } if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") { return 403; } access_log /usr/local/nginx/logs/m.abc.com.cn_access.log;} server{ listen 9990; server_name store.abc.com.cn *.store.abc.com.cn; location / { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://localhost:8081; } access_log /usr/local/nginx/logs/store.abc.com.cn_access.log;}server{ listen 9992; server_name 192.168.0.1:9992; location / { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://192.168.0.2:8082; } access_log /usr/local/nginx/logs/shopcenter.abc.com.cn_access.log;} server{ listen 9993; server_name 192.168.0.1:9993; location / { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://192.168.0.3:8083; } access_log /usr/local/nginx/logs/search.abc.com.cn_access.log;} |
這樣就可以把192.168.0.1:9998 當(dāng)做單點服務(wù)器,登錄后的domain都為192.168.0.1 。其他的0.2、0.3都可以通過192.168.0.1nginx和單點服務(wù)器的不同端口訪問,那么就可以共享這個0.1的域名了。
四、最后
好吧,可能描述的不是那么清楚,有點亂。我所做的工作就是把原來的nginx配置中的端口和域名改成新服務(wù)器中的唯一一個ip把這個ip當(dāng)做那個域名,不同端口對應(yīng)不同二級域名。
以上就是本文的全部內(nèi)容,希望對大家的學(xué)習(xí)有所幫助,也希望大家多多支持服務(wù)器之家。
原文鏈接:http://www.cnblogs.com/minzhousblogs/p/9023391.html
