Мультидоменный nginx и Jelastic?
День добрый.
При построении архитектуры проекта возникла серьёзная проблема — «моя не знать динамические виртуальные хосты nginx».
Проект имеет следующую стандартную структуру:
балансировщик nginx (их число может расти автоматически, если всё будет плохо) распределяют трафик на 6 нод с тем же nginx.
Структура пользовательских доменов будет выглядеть следующим образом:
/var/www/webroot/ROOT/domain1.ru/site1 должно понимать как site1.domain1.ru
/var/www/webroot/ROOT/domain2.ru/site1 соответственно site1.domain2.ru
и так далее по тому же принципу. Есть конфиги Jelastic из коробки
Конфиг балансировщика:
######## HTTP SECTION PROTOTYPE ######## http { server_tokens off; include /etc/nginx/mime.types; default_type application/octet-stream; set_real_ip_from 192.168.0.0/16; set_real_ip_from 10.0.0.0/8; set_real_ip_from 172.16.0.0/16; real_ip_header X-Forwarded-For; real_ip_recursive on; log_format main '"$http_x_forwarded_for" — $remote_user [$time_local] ' '"$request" $status $bytes_sent ' '"$http_referer" "$http_user_agent" ' '"$gzip_ratio"'; client_header_timeout 10m; client_body_timeout 10m; send_timeout 10m; client_max_body_size 50m; connection_pool_size 256; client_header_buffer_size 1k; large_client_header_buffers 4 2k; request_pool_size 4k; # gzip on; gzip_min_length 1100; gzip_buffers 4 8k; gzip_types text/plain; output_buffers 1 32k; postpone_output 1460; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 75 20; ignore_invalid_headers on; map $upstream_addr $group { default ""; ### MAPPING FOLLOWS HERE ### ### ~XXX\.XXX\.XXX\.XXX\:XX$ $GROUPNAME; ### MAPPROTO ### This is mappings prototype line, do not remove this! ~10\.50\.14\.57\:80$ common; ~10\.50\.14\.62\:80$ common; ### MAPPROTO for common ### } ### DEFAULT UPSTREAM FOLLOWS HERE ### upstream default_upstream{ ### server XXX.XXX.XXX.XXX; ### $GROUPNAME ### DEFUPPROTO ### server 10.50.14.57; server 10.50.14.62; server 10.50.14.54 backup; ### DEFUPPROTO for common ### sticky path=/; } ### UPSTREAMS LIST FOLLOWS HERE ### #upstream nodes{ server XXX.XXX.XXX.XXX; server 127.0.0.1:8001 backup # UPSTREAMPROTO # This is upstream prototype line, do not remove this! } upstream common { server 10.50.14.54 backup; server 10.50.14.57; server 10.50.14.62; sticky path=/; } ### UPSTREAMPROTO for common ### #GFADMIN server { listen *:80; server_name localhost; access_log /var/log/nginx/localhost.access_log main; error_log /var/log/nginx/localhost.error_log info; proxy_temp_path /var/nginx/tmp/; proxy_connect_timeout 5s; error_page 500 502 503 504 /50x.html; proxy_next_upstream error timeout http_500; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Host $http_host; proxy_set_header X-Forwarded-For $http_x_forwarded_for; proxy_set_header X-URI $uri; proxy_set_header X-ARGS $args; proxy_set_header Refer $http_refer; location = /50x.html { root html; } location / { if ($cookie_SRVGROUP ~ group|common) { proxy_pass http://$cookie_SRVGROUP; error_page 500 502 503 504 = @rescue; } if ($cookie_SRVGROUP !~ group|common) { add_header Set-Cookie «SRVGROUP=$group; path=/»; } proxy_pass default_upstream; add_header Set-Cookie «SRVGROUP=$group; path=/»; } location @rescue { proxy_pass default_upstream; add_header Set-Cookie «SRVGROUP=$group; path=/»; } #USERLOCATIONS } server { listen *:8001; server_name backup.local; location / { proxy_pass default_upstream; add_header Set-Cookie «SRVGROUP=$group; path=/»; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Host $http_host; proxy_set_header X-Forwarded-For $http_x_forwarded_for; proxy_set_header X-URI $uri; proxy_set_header X-ARGS $args; proxy_set_header Refer $http_refer; } } include /etc/nginx/conf.d/*.conf; } ######## TCP SECTION PROTOTYPE ######## tcp { server { listen 825; proxy_pass common; access_log /var/log/nginx/tcp_access.log; } upstream common { server 10.50.14.57:825; server 10.50.14.62:825; ### UPSTREAMPROTO for common ### check interval=3000 rise=2 fall=5 timeout=1000; #check interval=3000 rise=2 fall=5 timeout=1000 type=ssl_hello; #check interval=3000 rise=2 fall=5 timeout=1000 type=http; #check_http_send «GET / HTTP/1.0\r\n\r\n»; #check_http_expect_alive http_2xx http_3xx; } } tcp { server { listen 110; proxy_pass common; access_log /var/log/nginx/tcp_access.log; } upstream common { server 10.50.14.57:810; server 10.50.14.62:810; ### UPSTREAMPROTO for common ### check interval=3000 rise=2 fall=5 timeout=1000; #check interval=3000 rise=2 fall=5 timeout=1000 type=ssl_hello; #check interval=3000 rise=2 fall=5 timeout=1000 type=http; #check_http_send «GET / HTTP/1.0\r\n\r\n»; #check_http_expect_alive http_2xx http_3xx; } } tcp { server { listen 143; proxy_pass common; access_log /var/log/nginx/tcp_access.log; } upstream common { server 10.50.14.57:843; server 10.50.14.62:843; ### UPSTREAMPROTO for common ### check interval=3000 rise=2 fall=5 timeout=1000; #check interval=3000 rise=2 fall=5 timeout=1000 type=ssl_hello; #check interval=3000 rise=2 fall=5 timeout=1000 type=http; #check_http_send «GET / HTTP/1.0\r\n\r\n»; #check_http_expect_alive http_2xx http_3xx; } }
Конфиг ноды:
#user nobody; worker_processes 1; error_log /var/log/nginx/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { server_tokens off; include mime.types; default_type application/octet-stream; log_format main '$http_x_forwarded_for — $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; server { listen 80; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; include /etc/nginx/aliases.conf; location / { root /var/www/webroot/ROOT; index index.html index.htm index.php; location ~ \.php$ { location ~ /\. { deny all; access_log off; log_not_found off; } include /etc/nginx/fastcgi_params; fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME /var/www/webroot/ROOT$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_script_name; fastcgi_param DOCUMENT_ROOT /var/www/webroot/ROOT; } } index index.php index.html index.htm; #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass 127.0.0.1; #} location ~ /\. { deny all; access_log off; log_not_found off; } # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} location ~ \.php$ { location ~ /\. { deny all; access_log off; log_not_found off; } include /etc/nginx/fastcgi_params; fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME /var/www/webroot$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_script_name; fastcgi_param DOCUMENT_ROOT /var/www/webroot; } } include /etc/nginx/conf.d/*.conf; }
Так вот вопрос, как научить nginx работать динамично с поддоменами, да ещё и безопасно?
При построении архитектуры проекта возникла серьёзная проблема — «моя не знать динамические виртуальные хосты nginx».
Проект имеет следующую стандартную структуру:
балансировщик nginx (их число может расти автоматически, если всё будет плохо) распределяют трафик на 6 нод с тем же nginx.
Структура пользовательских доменов будет выглядеть следующим образом:
/var/www/webroot/ROOT/domain1.ru/site1 должно понимать как site1.domain1.ru
/var/www/webroot/ROOT/domain2.ru/site1 соответственно site1.domain2.ru
и так далее по тому же принципу. Есть конфиги Jelastic из коробки
Конфиг балансировщика:
######## HTTP SECTION PROTOTYPE ######## http { server_tokens off; include /etc/nginx/mime.types; default_type application/octet-stream; set_real_ip_from 192.168.0.0/16; set_real_ip_from 10.0.0.0/8; set_real_ip_from 172.16.0.0/16; real_ip_header X-Forwarded-For; real_ip_recursive on; log_format main '"$http_x_forwarded_for" — $remote_user [$time_local] ' '"$request" $status $bytes_sent ' '"$http_referer" "$http_user_agent" ' '"$gzip_ratio"'; client_header_timeout 10m; client_body_timeout 10m; send_timeout 10m; client_max_body_size 50m; connection_pool_size 256; client_header_buffer_size 1k; large_client_header_buffers 4 2k; request_pool_size 4k; # gzip on; gzip_min_length 1100; gzip_buffers 4 8k; gzip_types text/plain; output_buffers 1 32k; postpone_output 1460; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 75 20; ignore_invalid_headers on; map $upstream_addr $group { default ""; ### MAPPING FOLLOWS HERE ### ### ~XXX\.XXX\.XXX\.XXX\:XX$ $GROUPNAME; ### MAPPROTO ### This is mappings prototype line, do not remove this! ~10\.50\.14\.57\:80$ common; ~10\.50\.14\.62\:80$ common; ### MAPPROTO for common ### } ### DEFAULT UPSTREAM FOLLOWS HERE ### upstream default_upstream{ ### server XXX.XXX.XXX.XXX; ### $GROUPNAME ### DEFUPPROTO ### server 10.50.14.57; server 10.50.14.62; server 10.50.14.54 backup; ### DEFUPPROTO for common ### sticky path=/; } ### UPSTREAMS LIST FOLLOWS HERE ### #upstream nodes{ server XXX.XXX.XXX.XXX; server 127.0.0.1:8001 backup # UPSTREAMPROTO # This is upstream prototype line, do not remove this! } upstream common { server 10.50.14.54 backup; server 10.50.14.57; server 10.50.14.62; sticky path=/; } ### UPSTREAMPROTO for common ### #GFADMIN server { listen *:80; server_name localhost; access_log /var/log/nginx/localhost.access_log main; error_log /var/log/nginx/localhost.error_log info; proxy_temp_path /var/nginx/tmp/; proxy_connect_timeout 5s; error_page 500 502 503 504 /50x.html; proxy_next_upstream error timeout http_500; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Host $http_host; proxy_set_header X-Forwarded-For $http_x_forwarded_for; proxy_set_header X-URI $uri; proxy_set_header X-ARGS $args; proxy_set_header Refer $http_refer; location = /50x.html { root html; } location / { if ($cookie_SRVGROUP ~ group|common) { proxy_pass http://$cookie_SRVGROUP; error_page 500 502 503 504 = @rescue; } if ($cookie_SRVGROUP !~ group|common) { add_header Set-Cookie «SRVGROUP=$group; path=/»; } proxy_pass default_upstream; add_header Set-Cookie «SRVGROUP=$group; path=/»; } location @rescue { proxy_pass default_upstream; add_header Set-Cookie «SRVGROUP=$group; path=/»; } #USERLOCATIONS } server { listen *:8001; server_name backup.local; location / { proxy_pass default_upstream; add_header Set-Cookie «SRVGROUP=$group; path=/»; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Host $http_host; proxy_set_header X-Forwarded-For $http_x_forwarded_for; proxy_set_header X-URI $uri; proxy_set_header X-ARGS $args; proxy_set_header Refer $http_refer; } } include /etc/nginx/conf.d/*.conf; } ######## TCP SECTION PROTOTYPE ######## tcp { server { listen 825; proxy_pass common; access_log /var/log/nginx/tcp_access.log; } upstream common { server 10.50.14.57:825; server 10.50.14.62:825; ### UPSTREAMPROTO for common ### check interval=3000 rise=2 fall=5 timeout=1000; #check interval=3000 rise=2 fall=5 timeout=1000 type=ssl_hello; #check interval=3000 rise=2 fall=5 timeout=1000 type=http; #check_http_send «GET / HTTP/1.0\r\n\r\n»; #check_http_expect_alive http_2xx http_3xx; } } tcp { server { listen 110; proxy_pass common; access_log /var/log/nginx/tcp_access.log; } upstream common { server 10.50.14.57:810; server 10.50.14.62:810; ### UPSTREAMPROTO for common ### check interval=3000 rise=2 fall=5 timeout=1000; #check interval=3000 rise=2 fall=5 timeout=1000 type=ssl_hello; #check interval=3000 rise=2 fall=5 timeout=1000 type=http; #check_http_send «GET / HTTP/1.0\r\n\r\n»; #check_http_expect_alive http_2xx http_3xx; } } tcp { server { listen 143; proxy_pass common; access_log /var/log/nginx/tcp_access.log; } upstream common { server 10.50.14.57:843; server 10.50.14.62:843; ### UPSTREAMPROTO for common ### check interval=3000 rise=2 fall=5 timeout=1000; #check interval=3000 rise=2 fall=5 timeout=1000 type=ssl_hello; #check interval=3000 rise=2 fall=5 timeout=1000 type=http; #check_http_send «GET / HTTP/1.0\r\n\r\n»; #check_http_expect_alive http_2xx http_3xx; } }
Конфиг ноды:
#user nobody; worker_processes 1; error_log /var/log/nginx/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { server_tokens off; include mime.types; default_type application/octet-stream; log_format main '$http_x_forwarded_for — $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; server { listen 80; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; include /etc/nginx/aliases.conf; location / { root /var/www/webroot/ROOT; index index.html index.htm index.php; location ~ \.php$ { location ~ /\. { deny all; access_log off; log_not_found off; } include /etc/nginx/fastcgi_params; fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME /var/www/webroot/ROOT$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_script_name; fastcgi_param DOCUMENT_ROOT /var/www/webroot/ROOT; } } index index.php index.html index.htm; #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass 127.0.0.1; #} location ~ /\. { deny all; access_log off; log_not_found off; } # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} location ~ \.php$ { location ~ /\. { deny all; access_log off; log_not_found off; } include /etc/nginx/fastcgi_params; fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME /var/www/webroot$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_script_name; fastcgi_param DOCUMENT_ROOT /var/www/webroot; } } include /etc/nginx/conf.d/*.conf; }
Так вот вопрос, как научить nginx работать динамично с поддоменами, да ещё и безопасно?
Похожие публикации
Out of memory (VPS)
Нужен совет по фиксированному IP для сайта
Проблемы с хостингом
Посоветуйте бесплатный хостинг
Взлом сервера
Нет комментариев