Linux服务器多站点配置
一、架构介绍
[root@blogs-v2 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 472c0400d2ea uhub.service.ucloud.cn/starcto/cloudreve:v1 "./cloudreve-main ..." 20 hours ago Up 20 hours 0.0.0.0:5212->5212/tcp cloudreve 7ad94d862fe7 cptactionhank/atlassian-confluence:latest "/docker-entrypoin..." 4 weeks ago Up 4 weeks 0.0.0.0:8090->8090/tcp, 8091/tcp root_wiki_1 fc3026d24ac3 mysql:5.7 "docker-entrypoint..." 4 weeks ago Up 4 weeks 33060/tcp, 0.0.0.0:33306->3306/tcp root_mysql_1 d7ff833adfe8 becivells/soar-web:latest "python /home/soar..." 8 weeks ago Up 3 weeks 0.0.0.0:5077->5077/tcp soar-web 8a929a029286 jupyter/all-spark-notebook "tini -g -- start-..." 2 months ago Up 4 weeks 0.0.0.0:8888->8888/tcp Jupyter 23403086ea88 869f61d5ed40 "/entrypoint /bin/..." 2 months ago Up 4 weeks 443/tcp, 9000/tcp, 0.0.0.0:8080->80/tcp showdoc 5073a8f5eb11 minio/minio "/usr/bin/docker-e..." 3 months ago Up 4 weeks 0.0.0.0:9001->9001/tcp, 0.0.0.0:9002->9000/tcp minio 0ec9822cad5d mongo:3.0 "docker-entrypoint..." 4 months ago Up 4 weeks 0.0.0.0:27017->27017/tcp note_mongodb 09b70024da09 my-mysql:5.7 "docker-entrypoint..." 4 months ago Up 4 weeks 0.0.0.0:3306->3306/tcp, 33060/tcp blogs_mysql
二、详细配置介绍
2.1 EyouCms博客
[root@blogs-v2 ~]# vim /etc/httpd/conf/httpd.conf Listen 8089 DocumentRoot "/var/www/html"
[root@blogs-v2 ~]# vim /etc/nginx/conf.d/starcto.com.conf server { listen 80; listen [::]:80; server_name starcto.com www.starcto.com; rewrite ^ https://$http_host$request_uri? permanent; } server { listen 443 ssl http2 ; listen [::]:443 ssl http2; server_name starcto.com www.starcto.com; ssl_certificate "/data/ssl/starcto.com/public.pem"; ssl_certificate_key "/data/ssl/starcto.com/private.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_pass http://10.25.203.134:8089; proxy_ssl_session_reuse off; # 解决https代理的SSL_do_handshake() 握手失败 proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }
[root@blogs-v2 ~]# vim /etc/nginx/conf.d/m.starcto.com.conf server { listen 80; listen [::]:80; server_name m.starcto.com; rewrite ^ https://$http_host$request_uri? permanent; } server { listen 443 ssl http2 ; listen [::]:443 ssl http2; server_name m.starcto.com; ssl_certificate "/data/ssl/starcto.com/public.pem"; ssl_certificate_key "/data/ssl/starcto.com/private.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_pass http://10.25.203.134:8089; proxy_ssl_session_reuse off; # 解决https代理的SSL_do_handshake() 握手失败 proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }
2.2 MinIO
【注】前半部分是全局配置,记录错误日志和获取客户端请求的真实IP地址。
[root@blogs-v2 ~]# vim /etc/nginx/nginx.conf #worker_processes 1; worker_processes auto; error_log /var/log/nginx/error.log; # error_log是个主模块指令,用来定义全局错误日志文件。日志输出级别有debug、info、notice、warn、error、crit可供选择,其中,debug输出日志最为最详细,而crit输出日志最少 error_log /var/log/nginx/error.log notice; error_log /var/log/nginx/error.log info; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; log_format access_json '{"@timestamp":"$time_iso8601",' '"host":"$server_addr",' '"clientip":"$remote_addr",' '"proto":"$scheme",' '"size":$body_bytes_sent,' '"responsetime":$request_time,' '"upstreamtime":"$upstream_response_time",' '"upstreamhost":"$upstream_addr",' '"http_host":"$host",' '"uri":"$uri",' '"domain":"$host",' '"xff":"$http_x_forwarded_for",' '"xf_proto":"$http_x_forwarded_proto",' '"referer":"$http_referer",' '"tcp_xff":"$proxy_protocol_addr",' '"http_user_agent":"$http_user_agent",' '"status":"$status"}'; access_log /var/log/nginx/all.starcto.com.access.log access_json; include /etc/nginx/conf.d/*.conf; # 80-443强制跳转 server { listen 80; listen [::]:80; server_name img.starcto.com; rewrite ^ https://$http_host$request_uri? permanent; } # 443配置 server { listen 443 ssl http2 ; listen [::]:443 ssl http2; server_name img.starcto.com; ssl_certificate "/data/ssl/img.starcto.com/public.pem"; ssl_certificate_key "/data/ssl/img.starcto.com/private.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_pass http://10.25.203.134:9001; proxy_ssl_session_reuse off; # 解决https代理的SSL_do_handshake() 握手失败 proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } }
[root@blogs-v2 ~]# vim /etc/nginx/conf.d/imgdata.starcto.com.conf # MinIO数据传输通道 server { listen 80; server_name img.starcto.com; location / { proxy_pass http://10.25.203.134:9002; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 10240m; #nginx配置上传文件大小(10G) proxy_redirect off; proxy_connect_timeout 240; proxy_send_timeout 240; proxy_read_timeout 3600; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } }
2.3 showdoc
[root@blogs-v2 ~]# vim /etc/nginx/conf.d/showdoc.starcto.com.conf server { listen 80; listen [::]:80; server_name showdoc.starcto.com; rewrite ^ https://$http_host$request_uri? permanent; } server { listen 443 ssl http2 ; listen [::]:443 ssl http2; server_name showdoc.starcto.com; ssl_certificate "/data/ssl/showdoc.starcto.com/public.pem"; ssl_certificate_key "/data/ssl/showdoc.starcto.com/private.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_pass http://10.25.203.134:8080; proxy_ssl_session_reuse off; # 解决https代理的SSL_do_handshake() 握手失败 proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }
2.4 leanote
[root@blogs-v2 ~]# vim /etc/nginx/conf.d/note.starcto.com.conf # 80-443强制跳转配置 server { listen 80; listen [::]:80; server_name note.starcto.com; rewrite ^ https://$http_host$request_uri? permanent; } # 443配置 server { listen 443 ssl http2 ; listen [::]:443 ssl http2; server_name note.starcto.com; ssl_certificate "/data/ssl/note.starcto.com/public.pem"; ssl_certificate_key "/data/ssl/note.starcto.com/private.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_pass http://10.25.203.134:9000; proxy_ssl_session_reuse off; # 解决https代理的SSL_do_handshake() 握手失败 proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }
2.5 jupyter
[root@blogs-v2 ~]# vim /etc/nginx/conf.d/jupyter.starcto.com.conf server { listen 80; listen [::]:80; server_name jupyter.starcto.com; rewrite ^ https://$http_host$request_uri? permanent; } server { listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; server_name jupyter.starcto.com; ssl_certificate "/data/ssl/jupyter.starcto.com/public.pem"; ssl_certificate_key "/data/ssl/jupyter.starcto.com/private.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_pass http://10.25.203.134:8888; proxy_ssl_session_reuse off; # 解决https代理的SSL_do_handshake() 握手失败 proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }
2.6 cloudreve
[root@blogs-v2 ~]# vim /etc/nginx/conf.d/cloudreve.starcto.com.conf server { listen 80; listen [::]:80; server_name cloudreve.starcto.com; rewrite ^ https://$http_host$request_uri? permanent; } server { listen 443 ssl http2 ; listen [::]:443 ssl http2; server_name cloudreve.starcto.com; ssl_certificate "/data/ssl/cloudreve.starcto.com/public.pem"; ssl_certificate_key "/data/ssl/cloudreve.starcto.com/private.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_pass http://10.25.203.134:5212; client_max_body_size 10240m; #nginx配置上传文件大小(10G) proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }
2.7 confluence
[root@blogs-v2 ~]# vim /etc/nginx/conf.d/ushare.starcto.com.conf server { listen 80; listen [::]:80; server_name ushare.starcto.com; rewrite ^ https://$http_host$request_uri? permanent; } server { listen 443 ssl http2 ; listen [::]:443 ssl http2; server_name ushare.starcto.com; ssl_certificate "/data/ssl/ushare.starcto.com/public.pem"; ssl_certificate_key "/data/ssl/ushare.starcto.com/private.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_pass http://10.25.203.134:8090; client_max_body_size 10240m; proxy_ssl_session_reuse off; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }
2.8 其他数据
[root@blogs-v2 ~]# tree /etc/nginx/conf.d/ /etc/nginx/conf.d/ ├── cloudreve.starcto.com.conf ├── imgdata.starcto.com.conf ├── jupyter.starcto.com.conf ├── m.starcto.com.conf ├── note.starcto.com.conf ├── showdoc.starcto.com.conf ├── soar.starcto.com.conf ├── starcto.com.conf ├── starcto.com.conf.bak ├── ucloudstor.starcto.com.conf └── ushare.starcto.com.conf 0 directories, 11 files [root@blogs-v2 ~]# tree /data/ssl/ /data/ssl/ ├── cloudreve.starcto.com │ ├── private.key │ └── public.pem ├── img.starcto.com │ ├── private.key │ └── public.pem ├── jupyter.starcto.com │ ├── private.key │ └── public.pem ├── note.starcto.com │ ├── private.key │ └── public.pem ├── showdoc.starcto.com │ ├── private.key │ └── public.pem ├── soar.starcto.com │ ├── private.key │ └── public.pem ├── starcto.com │ ├── private.key │ └── public.pem ├── ucloudstor.starcto.com │ ├── private.key │ └── public.pem └── ushare.starcto.com ├── private.key └── public.pem
作者:UStarGao
链接:https://www.starcto.com/application_of_operational/229.html
来源:STARCTO
著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。
UCloud云平台推荐
随便看看
- 2021-05-21第三方常用工具收录
- 2021-01-26K8S核心概念
- 2021-03-05MySQL 用户与权限管理
- 2023-08-18Linux 数据盘盘符变化导致启动异常
- 2021-03-20Docker容器网络管理