Linux服务器多站点配置
一、架构介绍
[root@blogs-v2 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 472c0400d2ea uhub.service.ucloud.cn/starcto/cloudreve:v1 "./cloudreve-main ..." 20 hours ago Up 20 hours 0.0.0.0:5212->5212/tcp cloudreve 7ad94d862fe7 cptactionhank/atlassian-confluence:latest "/docker-entrypoin..." 4 weeks ago Up 4 weeks 0.0.0.0:8090->8090/tcp, 8091/tcp root_wiki_1 fc3026d24ac3 mysql:5.7 "docker-entrypoint..." 4 weeks ago Up 4 weeks 33060/tcp, 0.0.0.0:33306->3306/tcp root_mysql_1 d7ff833adfe8 becivells/soar-web:latest "python /home/soar..." 8 weeks ago Up 3 weeks 0.0.0.0:5077->5077/tcp soar-web 8a929a029286 jupyter/all-spark-notebook "tini -g -- start-..." 2 months ago Up 4 weeks 0.0.0.0:8888->8888/tcp Jupyter 23403086ea88 869f61d5ed40 "/entrypoint /bin/..." 2 months ago Up 4 weeks 443/tcp, 9000/tcp, 0.0.0.0:8080->80/tcp showdoc 5073a8f5eb11 minio/minio "/usr/bin/docker-e..." 3 months ago Up 4 weeks 0.0.0.0:9001->9001/tcp, 0.0.0.0:9002->9000/tcp minio 0ec9822cad5d mongo:3.0 "docker-entrypoint..." 4 months ago Up 4 weeks 0.0.0.0:27017->27017/tcp note_mongodb 09b70024da09 my-mysql:5.7 "docker-entrypoint..." 4 months ago Up 4 weeks 0.0.0.0:3306->3306/tcp, 33060/tcp blogs_mysql
二、详细配置介绍
2.1 EyouCms博客
[root@blogs-v2 ~]# vim /etc/httpd/conf/httpd.conf Listen 8089 DocumentRoot "/var/www/html"
[root@blogs-v2 ~]# vim /etc/nginx/conf.d/starcto.com.conf
server {
listen 80;
listen [::]:80;
server_name starcto.com www.starcto.com;
rewrite ^ https://$http_host$request_uri? permanent;
}
server {
listen 443 ssl http2 ;
listen [::]:443 ssl http2;
server_name starcto.com www.starcto.com;
ssl_certificate "/data/ssl/starcto.com/public.pem";
ssl_certificate_key "/data/ssl/starcto.com/private.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://10.25.203.134:8089;
proxy_ssl_session_reuse off; # 解决https代理的SSL_do_handshake() 握手失败
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}[root@blogs-v2 ~]# vim /etc/nginx/conf.d/m.starcto.com.conf
server {
listen 80;
listen [::]:80;
server_name m.starcto.com;
rewrite ^ https://$http_host$request_uri? permanent;
}
server {
listen 443 ssl http2 ;
listen [::]:443 ssl http2;
server_name m.starcto.com;
ssl_certificate "/data/ssl/starcto.com/public.pem";
ssl_certificate_key "/data/ssl/starcto.com/private.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://10.25.203.134:8089;
proxy_ssl_session_reuse off; # 解决https代理的SSL_do_handshake() 握手失败
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}2.2 MinIO
【注】前半部分是全局配置,记录错误日志和获取客户端请求的真实IP地址。
[root@blogs-v2 ~]# vim /etc/nginx/nginx.conf
#worker_processes 1;
worker_processes auto;
error_log /var/log/nginx/error.log; # error_log是个主模块指令,用来定义全局错误日志文件。日志输出级别有debug、info、notice、warn、error、crit可供选择,其中,debug输出日志最为最详细,而crit输出日志最少
error_log /var/log/nginx/error.log notice;
error_log /var/log/nginx/error.log info;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
log_format access_json '{"@timestamp":"$time_iso8601",'
'"host":"$server_addr",'
'"clientip":"$remote_addr",'
'"proto":"$scheme",'
'"size":$body_bytes_sent,'
'"responsetime":$request_time,'
'"upstreamtime":"$upstream_response_time",'
'"upstreamhost":"$upstream_addr",'
'"http_host":"$host",'
'"uri":"$uri",'
'"domain":"$host",'
'"xff":"$http_x_forwarded_for",'
'"xf_proto":"$http_x_forwarded_proto",'
'"referer":"$http_referer",'
'"tcp_xff":"$proxy_protocol_addr",'
'"http_user_agent":"$http_user_agent",'
'"status":"$status"}';
access_log /var/log/nginx/all.starcto.com.access.log access_json;
include /etc/nginx/conf.d/*.conf;
# 80-443强制跳转
server {
listen 80;
listen [::]:80;
server_name img.starcto.com;
rewrite ^ https://$http_host$request_uri? permanent;
}
# 443配置
server {
listen 443 ssl http2 ;
listen [::]:443 ssl http2;
server_name img.starcto.com;
ssl_certificate "/data/ssl/img.starcto.com/public.pem";
ssl_certificate_key "/data/ssl/img.starcto.com/private.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://10.25.203.134:9001;
proxy_ssl_session_reuse off; # 解决https代理的SSL_do_handshake() 握手失败
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}[root@blogs-v2 ~]# vim /etc/nginx/conf.d/imgdata.starcto.com.conf
# MinIO数据传输通道
server {
listen 80;
server_name img.starcto.com;
location / {
proxy_pass http://10.25.203.134:9002;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10240m; #nginx配置上传文件大小(10G)
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 3600;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}2.3 showdoc
[root@blogs-v2 ~]# vim /etc/nginx/conf.d/showdoc.starcto.com.conf
server {
listen 80;
listen [::]:80;
server_name showdoc.starcto.com;
rewrite ^ https://$http_host$request_uri? permanent;
}
server {
listen 443 ssl http2 ;
listen [::]:443 ssl http2;
server_name showdoc.starcto.com;
ssl_certificate "/data/ssl/showdoc.starcto.com/public.pem";
ssl_certificate_key "/data/ssl/showdoc.starcto.com/private.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://10.25.203.134:8080;
proxy_ssl_session_reuse off; # 解决https代理的SSL_do_handshake() 握手失败
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}2.4 leanote
[root@blogs-v2 ~]# vim /etc/nginx/conf.d/note.starcto.com.conf
# 80-443强制跳转配置
server {
listen 80;
listen [::]:80;
server_name note.starcto.com;
rewrite ^ https://$http_host$request_uri? permanent;
}
# 443配置
server {
listen 443 ssl http2 ;
listen [::]:443 ssl http2;
server_name note.starcto.com;
ssl_certificate "/data/ssl/note.starcto.com/public.pem";
ssl_certificate_key "/data/ssl/note.starcto.com/private.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://10.25.203.134:9000;
proxy_ssl_session_reuse off; # 解决https代理的SSL_do_handshake() 握手失败
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}2.5 jupyter
[root@blogs-v2 ~]# vim /etc/nginx/conf.d/jupyter.starcto.com.conf
server {
listen 80;
listen [::]:80;
server_name jupyter.starcto.com;
rewrite ^ https://$http_host$request_uri? permanent;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name jupyter.starcto.com;
ssl_certificate "/data/ssl/jupyter.starcto.com/public.pem";
ssl_certificate_key "/data/ssl/jupyter.starcto.com/private.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://10.25.203.134:8888;
proxy_ssl_session_reuse off; # 解决https代理的SSL_do_handshake() 握手失败
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}2.6 cloudreve
[root@blogs-v2 ~]# vim /etc/nginx/conf.d/cloudreve.starcto.com.conf
server {
listen 80;
listen [::]:80;
server_name cloudreve.starcto.com;
rewrite ^ https://$http_host$request_uri? permanent;
}
server {
listen 443 ssl http2 ;
listen [::]:443 ssl http2;
server_name cloudreve.starcto.com;
ssl_certificate "/data/ssl/cloudreve.starcto.com/public.pem";
ssl_certificate_key "/data/ssl/cloudreve.starcto.com/private.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://10.25.203.134:5212;
client_max_body_size 10240m; #nginx配置上传文件大小(10G)
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}2.7 confluence
[root@blogs-v2 ~]# vim /etc/nginx/conf.d/ushare.starcto.com.conf
server {
listen 80;
listen [::]:80;
server_name ushare.starcto.com;
rewrite ^ https://$http_host$request_uri? permanent;
}
server {
listen 443 ssl http2 ;
listen [::]:443 ssl http2;
server_name ushare.starcto.com;
ssl_certificate "/data/ssl/ushare.starcto.com/public.pem";
ssl_certificate_key "/data/ssl/ushare.starcto.com/private.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://10.25.203.134:8090;
client_max_body_size 10240m;
proxy_ssl_session_reuse off;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}2.8 其他数据
[root@blogs-v2 ~]# tree /etc/nginx/conf.d/ /etc/nginx/conf.d/ ├── cloudreve.starcto.com.conf ├── imgdata.starcto.com.conf ├── jupyter.starcto.com.conf ├── m.starcto.com.conf ├── note.starcto.com.conf ├── showdoc.starcto.com.conf ├── soar.starcto.com.conf ├── starcto.com.conf ├── starcto.com.conf.bak ├── ucloudstor.starcto.com.conf └── ushare.starcto.com.conf 0 directories, 11 files [root@blogs-v2 ~]# tree /data/ssl/ /data/ssl/ ├── cloudreve.starcto.com │ ├── private.key │ └── public.pem ├── img.starcto.com │ ├── private.key │ └── public.pem ├── jupyter.starcto.com │ ├── private.key │ └── public.pem ├── note.starcto.com │ ├── private.key │ └── public.pem ├── showdoc.starcto.com │ ├── private.key │ └── public.pem ├── soar.starcto.com │ ├── private.key │ └── public.pem ├── starcto.com │ ├── private.key │ └── public.pem ├── ucloudstor.starcto.com │ ├── private.key │ └── public.pem └── ushare.starcto.com ├── private.key └── public.pem
作者:UStarGao
链接:https://www.starcto.com/application_of_operational/229.html
来源:STARCTO
著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。
UCloud云平台推荐
随便看看
- 2021-05-21第三方常用工具收录
- 2021-01-26K8S核心概念
- 2021-03-05MySQL 用户与权限管理
- 2023-08-18Linux 数据盘盘符变化导致启动异常
- 2021-03-20Docker容器网络管理
