主配置文件
[root@nginx-66 conf]# cat nginx.conf
# Worker processes run under the unprivileged "nginx" account; the master
# process still starts as root so it can bind low ports and read the TLS keys.
user nginx;

# "auto" sizes the worker pool from the detected CPU core count.
worker_processes auto;

events {
    # Upper bound on simultaneous connections per worker. Proxied upstream
    # connections count against this limit as well as client connections.
    worker_connections 1024;
}
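stream {
    # Access-log format for TCP (stream) sessions.
    # Label text is emitted verbatim: 客户端IP = client IP, 访问时间 = access time.
    #
    # The quoted fragments are written back to back with no separator, so each
    # fragment must end with its own space. The original second fragment had
    # none, which fused $bytes_received and $session_time into one token in the
    # log and made both values unrecoverable during log review.
    log_format proxy '客户端IP:$remote_addr 访问时间:[$time_local] '
                     '$protocol $status $bytes_sent $bytes_received '
                     '$session_time "$upstream_addr" '
                     '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';

    access_log /data/nginx/logs/k8s-access.log proxy;

    # Every file matching *.stream in this directory becomes a live TCP
    # listener definition; keep the directory writable by root only.
    include /data/nginx/conf/vhost/*.stream;
}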
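http {
    include mime.types;
    default_type application/octet-stream;

    # Do not advertise the exact nginx version in the Server header and on
    # built-in error pages.
    server_tokens off;

    # Derives the Connection header value for WebSocket upgrades: "upgrade"
    # when the client sent an Upgrade header, "close" otherwise.
    # NOTE(review): no vhost shown on this page references $connection_upgrade.
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    # Access-log format. Despite its name, "json" emits space-separated
    # "label:value" text, not JSON. The labels are written verbatim:
    #   客户端IP = client IP, 访问时间 = access time, 服务器IP = server IP,
    #   服务器返回大小 = response body size, 请求处理总时间 = total request time,
    #   后端服务器响应时间 = upstream response time, 后端服务器地址 = upstream address,
    #   请求的域名 = requested host, 请求的URL = requested URI,
    #   请求来源 = referer, 用户代理字符串 = user agent, 响应状态码 = status code.
    # NOTE(review): $uri, $http_referer and $http_user_agent are client-influenced
    # and may contain spaces or text that looks like another "label:value" pair,
    # so this log cannot be split reliably on whitespace. If it feeds a SIEM or
    # alerting pipeline, consider a real JSON object with escape=json
    # (nginx 1.11.8+); that changes the output, so coordinate with log consumers.
    log_format json '客户端IP:$remote_addr '
                    '访问时间:$time_iso8601 '
                    '服务器IP:$server_addr '
                    '服务器返回大小:$body_bytes_sent '
                    '请求处理总时间:$request_time '
                    '后端服务器响应时间:$upstream_response_time '
                    '后端服务器地址:$upstream_addr '
                    '请求的域名:$host '
                    '请求的URL:$uri '
                    '请求来源:$http_referer '
                    '用户代理字符串:$http_user_agent '
                    '响应状态码:$status';

    # Relative path, resolved against the nginx prefix directory.
    access_log logs/access.log json;

    sendfile on;
    tcp_nopush on;
    keepalive_timeout 65;

    # Applies to every vhost below unless overridden. 500 MB request bodies are
    # accepted from any client; narrow this per server/location if only
    # specific upload endpoints need it.
    client_max_body_size 500m;

    include vhost/*.conf;
}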
分离配置文件
[root@nginx-66 conf]# cat vhost/hzrmt.conf
# Backend pool shared by the three HTTPS virtual hosts in this file.
upstream hz {
    # With only one server in the group, nginx ignores max_fails and
    # fail_timeout and never marks the server unavailable; the parameters
    # take effect only once a second server is added.
    server 172.30.42.2:80 max_fails=3 fail_timeout=30s;
}
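# HTTPS virtual host for rmt.gxhzxw.cn: terminates TLS and proxies to upstream "hz".
server {
    listen 443 ssl;
    server_name rmt.gxhzxw.cn;
    charset utf-8;

    ssl_certificate     /data/nginx/conf/ssl/gxhzxw.cn.pem;
    # The private key should be readable by root only.
    ssl_certificate_key /data/nginx/conf/ssl/gxhzxw.cn.key;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were dropped from the
    # original "TLSv1 TLSv1.1 TLSv1.2" list. Append TLSv1.3 where nginx is
    # 1.13.0+ and built against OpenSSL 1.1.1+.
    # Keep this value identical in every server block on port 443: on many
    # builds the default server's protocol list is the one applied at handshake.
    ssl_protocols TLSv1.2;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

    location / {
        proxy_set_header Host $host;
        # X-Real-IP is set from the TCP peer address and cannot be client-supplied.
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent; the backend must trust only the last entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # TLS ends here; traffic to the upstream travels as plain HTTP.
        proxy_pass http://hz;
        proxy_connect_timeout 90; # timeout for establishing a connection to the backend
        proxy_send_timeout 90;    # timeout for sending the request to the backend
        proxy_read_timeout 90;    # timeout for reading the response from the backend

        # Not used for requests handled by proxy_pass; kept from the original.
        root html;
        index index.html index.htm;
    }
}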
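# HTTPS virtual host for zuul.gxhzxw.cn: terminates TLS and proxies to upstream "hz".
server {
    listen 443 ssl;
    server_name zuul.gxhzxw.cn;
    charset utf-8;

    ssl_certificate     /data/nginx/conf/ssl/gxhzxw.cn.pem;
    # The private key should be readable by root only.
    ssl_certificate_key /data/nginx/conf/ssl/gxhzxw.cn.key;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were dropped from the
    # original "TLSv1 TLSv1.1 TLSv1.2" list. Append TLSv1.3 where nginx is
    # 1.13.0+ and built against OpenSSL 1.1.1+.
    # Keep this value identical in every server block on port 443: on many
    # builds the default server's protocol list is the one applied at handshake.
    ssl_protocols TLSv1.2;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

    location / {
        proxy_set_header Host $host;
        # X-Real-IP is set from the TCP peer address and cannot be client-supplied.
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent; the backend must trust only the last entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # TLS ends here; traffic to the upstream travels as plain HTTP.
        proxy_pass http://hz;
        proxy_connect_timeout 90; # timeout for establishing a connection to the backend
        proxy_send_timeout 90;    # timeout for sending the request to the backend
        proxy_read_timeout 90;    # timeout for reading the response from the backend

        # Not used for requests handled by proxy_pass; kept from the original.
        root html;
        index index.html index.htm;
    }
}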
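# HTTPS virtual host for static.gxhzxw.cn: terminates TLS and proxies to upstream "hz".
server {
    listen 443 ssl;
    server_name static.gxhzxw.cn;
    charset utf-8;

    ssl_certificate     /data/nginx/conf/ssl/gxhzxw.cn.pem;
    # The private key should be readable by root only.
    ssl_certificate_key /data/nginx/conf/ssl/gxhzxw.cn.key;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were dropped from the
    # original "TLSv1 TLSv1.1 TLSv1.2" list. Append TLSv1.3 where nginx is
    # 1.13.0+ and built against OpenSSL 1.1.1+.
    # Keep this value identical in every server block on port 443: on many
    # builds the default server's protocol list is the one applied at handshake.
    ssl_protocols TLSv1.2;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

    location / {
        proxy_set_header Host $host;
        # X-Real-IP is set from the TCP peer address and cannot be client-supplied.
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent; the backend must trust only the last entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # TLS ends here; traffic to the upstream travels as plain HTTP.
        proxy_pass http://hz;
        proxy_connect_timeout 90; # timeout for establishing a connection to the backend
        proxy_send_timeout 90;    # timeout for sending the request to the backend
        proxy_read_timeout 90;    # timeout for reading the response from the backend

        # Not used for requests handled by proxy_pass; kept from the original.
        root html;
        index index.html index.htm;
    }
}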
TCP 代理配置(stream 上下文,由主配置中的 include /data/nginx/conf/vhost/*.stream 加载;文件名未给出)
# TCP backend pool for the stream proxy: three endpoints on port 6443.
# No balancing method is set, so nginx uses its default round-robin.
# Health checking is passive: after 3 failed attempts within 30s a server is
# skipped for the next 30s.
upstream kube-api {
    server 172.30.42.60:6443 max_fails=3 fail_timeout=30s;
    server 172.30.42.61:6443 max_fails=3 fail_timeout=30s;
    server 172.30.42.62:6443 max_fails=3 fail_timeout=30s;
}
# Layer-4 listener: relays raw TCP on 8443 to the "kube-api" pool. nginx does
# not terminate TLS here, so encryption and client authentication are whatever
# the backends on 6443 enforce.
server {
    # Binds on all interfaces, and no allow/deny rule is present in this block.
    # NOTE(review): if only known networks should reach these backends, restrict
    # the listener with ngx_stream_access_module, e.g.
    #   allow <ADMIN_CIDR_PLACEHOLDER>;
    #   deny all;
    listen 8443;
    proxy_pass kube-api;

    # Give up on a backend that does not accept the connection within 10s.
    proxy_connect_timeout 10s;
    # Close the session after 30s with no data in either direction.
    # NOTE(review): long-lived idle streams will be cut at this limit; confirm
    # that is acceptable for the clients using this port.
    proxy_timeout 30s;
}