使用Kubernetes+Nginx做反向代理
整體說明
有兩個服務:
- oauth服務:端口為 31047, 示例:http://ip:31047/oauth/token
- madrids服務:端口為 31046,http://ip:31010/v1/tenants
方式1:使用2個不同的端口映射兩個服務
思路:
k8s配置文件中,配置兩個不同的nodePort,進行映射
k8s配置文件:
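# NodePort Service that publishes the nginx reverse proxy.
# A nodePort is opened on every node, so both listeners are reachable from any
# network that can reach a node IP. The nginx listeners shown on this page are
# plain HTTP, so OAuth token requests on 31009 travel unencrypted unless TLS is
# terminated in front of the nodes; limit which networks can reach these ports.
apiVersion: v1
kind: Service
metadata:
  name: nginx-tyyy
  labels:
    app: nginx
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
      nodePort: 31010   # external entry point for the madrids service
      name: madrids
    - port: 81
      targetPort: 81
      protocol: TCP
      nodePort: 31009   # external entry point for the oauth service
      name: oauth
  type: NodePort
  selector:
    app: nginx
    tier: nginx-tyyy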
---
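# Deployment running the single nginx reverse-proxy pod.
# NOTE: extensions/v1beta1 Deployments are no longer served from Kubernetes 1.16
# onwards; on current clusters change this to apps/v1. The explicit selector
# below is valid for both API versions and is mandatory in apps/v1.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-tyyy
  labels:
    app: nginx
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: nginx
      tier: nginx-tyyy
  template:
    metadata:
      labels:
        app: nginx
        tier: nginx-tyyy
    spec:
      containers:
        # ":latest" is a moving tag: a restart can pull a different image than
        # the one that was tested. Pin a specific version or digest.
        - image: xxxx/library/nginx:latest
          name: nginx-tyyy
          ports:
            - containerPort: 80
              name: nginx-tyyy
            # nginx also listens on 81 (oauth); declare it so the manifest
            # matches the Service's targetPort 81.
            - containerPort: 81
              name: oauth
          volumeMounts:
            - mountPath: "/etc/nginx/conf.d"
              name: nginx-config
              # nginx only reads its configuration; mounting it read-only keeps
              # the container from modifying files on the node.
              readOnly: true
      volumes:
        # hostPath ties the pod to a node that has this directory, and anyone
        # who can write to it on the node controls where the proxy forwards
        # traffic. A ConfigMap is the usual alternative.
        - name: nginx-config
          hostPath:
            path: "/opt/data/config/tyyy/nginx"   # location of the nginx config files on the node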
nginx配置文件:(default.conf)
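# Listener for the oauth service: Service nodePort 31009 -> container port 81.
# This listener is plain HTTP; token requests pass through it unencrypted.
server {
    listen 81;                # port nginx listens on inside the container
    # server_name is matched against the request's Host header; it is not a
    # listen address.
    server_name localhost;
    keepalive_requests 120;   # maximum number of requests served over one keep-alive connection

    # "location /" is a plain prefix match that catches every URI; the "~" and
    # "~*" regex modifiers are not used here.
    location / {
        # Forward the client address so the token endpoint can log the real
        # source of each request. The backend should accept these headers
        # only from this proxy.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Fixed backend address (no upstream group is defined). The trailing
        # "/" replaces the matched prefix "/" with "/", so the path is unchanged.
        proxy_pass http://10.254.9.21:31047/;
    }
}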
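# Listener for the madrids service: Service nodePort 31010 -> container port 80.
server {
    listen 80;
    server_name localhost;

    # These limits are very permissive: a 40 GB request body combined with
    # multi-hour timeouts lets a slow client hold a connection and buffer
    # space for a long time. Size them to the largest legitimate upload.
    # nginx documents that proxy_connect_timeout usually cannot exceed 75s.
    client_max_body_size 40960M;
    client_body_timeout 6000s;
    keepalive_timeout 60000;
    proxy_connect_timeout 60000;
    proxy_read_timeout 60000;

    # Only allow same-origin framing. "always" also sends the header on error
    # responses, which add_header skips by default.
    add_header X-Frame-Options SAMEORIGIN always;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_comp_level 2;
    # text/html is always compressed and listing it only produces a
    # "duplicate MIME type" warning, so it is left out.
    gzip_types application/javascript text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;

    location / {
        proxy_http_version 1.1;
        # $server_port is the container port (80), not the nodePort 31010 the
        # client connected to; a backend that builds absolute URLs from Host
        # will use the wrong port.
        proxy_set_header Host $host:$server_port;
        # Behind a NodePort, $remote_addr may be a node address rather than the
        # client's, depending on the Service's externalTrafficPolicy.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-PORT $remote_port;
        # Appends to whatever X-Forwarded-For the client sent; the backend
        # should trust only the entry added by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://10.254.9.21:31046/;
    }

    error_page 404 /404.html;
    location = /404.html {
        root /usr/share/nginx/html;
    }

    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root html;
    #    fastcgi_pass 127.0.0.1:9000;
    #    fastcgi_index index.php;
    #    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
    #    include fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny all;
    #}
}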
結果演示:
代理流程
k8s的配置文件中:
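# Excerpt of spec.ports from the Service manifest.
- port: 80
  targetPort: 80
  protocol: TCP
  nodePort: 31010   # external entry point for the madrids service
  name: madrids
- port: 81
  targetPort: 81
  protocol: TCP
  nodePort: 31009   # external entry point for the oauth service
  name: oauth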
- 31010端口映射為Nginx服務的80端口
- 31009端口映射為Nginx服務的81端口
80和81端口會在Nginx配置文件中體現;
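server {
    keepalive_requests 120;
    # A request to nodePort 31009 is delivered to container port 81, so this
    # server block listens on 81.
    listen 81;
    server_name localhost;
    location / {
        proxy_pass http://10.254.9.21:31047/;   # forwards to port 31047, the oauth service
    }
}
server {
    # A request to nodePort 31010 is delivered to container port 80, so this
    # server block listens on 80.
    listen 80;
    server_name localhost;
    # ... (remaining server-level directives omitted)
    location / {
        proxy_http_version 1.1;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-PORT $remote_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://10.254.9.21:31046/;   # forwards to port 31046, the madrids service
    }
    # ... (error pages omitted)
}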
方式2:使用相同的端口映射兩個服務
Nginx配置文件:(default.conf)
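# Single listener that routes by URI: /v1/<resource> goes to the madrids
# service (31046) and /oauth/token goes to the oauth service (31047).
# No "location /" is defined, so any other URI is answered by nginx itself.
server {
    listen 80;
    server_name localhost;

    # These limits are very permissive: a 40 GB request body combined with
    # multi-hour timeouts lets a slow client hold a connection and buffer
    # space for a long time. Size them to the largest legitimate upload.
    client_max_body_size 40960M;
    client_body_timeout 6000s;
    keepalive_timeout 60000;
    proxy_connect_timeout 60000;
    proxy_read_timeout 60000;

    # Only allow same-origin framing. "always" also sends the header on error
    # responses, which add_header skips by default.
    add_header X-Frame-Options SAMEORIGIN always;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_comp_level 2;
    # text/html is always compressed and listing it only produces a
    # "duplicate MIME type" warning, so it is left out.
    gzip_types application/javascript text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;

    # Shared proxy settings, set once at server level. Locations inherit
    # proxy_set_header as long as they define none of their own.
    proxy_http_version 1.1;
    # $server_port is the container port (80), not the nodePort the client used.
    proxy_set_header Host $host:$server_port;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Real-PORT $remote_port;
    # Appends to whatever X-Forwarded-For the client sent; the backend should
    # trust only the entry added by this proxy.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # madrids API. One pattern covers both "/v1/users" and "/v1/users/...".
    # The "^" anchor limits the match to URIs that start with /v1/; without it
    # the pattern matches anywhere in the URI, and because regex locations are
    # checked before plain prefix locations, a URI such as
    # /oauth/token/v1/users would be routed here instead of to oauth.
    location ~* ^/v1/(users|tenants|organizations|frontend|roles|districts|userSubusers|pods|providers|capacity|applications) {
        # No trailing "/": proxy_pass cannot carry a URI part inside a regex
        # location, and the original request URI is forwarded unchanged.
        proxy_pass http://10.254.9.21:31046;
    }

    # oauth token endpoint. The prefix "/oauth/token" also matches
    # "/oauth/token/", so one block is enough.
    location /oauth/token {
        # No trailing "/": the backend receives the full /oauth/token... path.
        proxy_pass http://10.254.9.21:31047;
    }

    error_page 404 /404.html;
    location = /404.html {
        root /usr/share/nginx/html;
    }

    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root html;
    #    fastcgi_pass 127.0.0.1:9000;
    #    fastcgi_index index.php;
    #    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
    #    include fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny all;
    #}
}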
location中proxy_pass說明
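- 當proxy_pass的地址帶有URI部分(例如以 "/" 結尾)時,請求URI中與location匹配的部分會被替換為該URI,即location的匹配路徑不會作為轉發URL的一部分
- 當proxy_pass的地址不帶URI部分(沒有 "/" 後綴)時,原始請求URI會原樣轉發,即location的匹配路徑會作為轉發URL的一部分
- 在使用正則匹配(~ 或 ~*)的location中,proxy_pass不能帶URI部分,所以方式2中的proxy_pass後面都沒有 "/"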