一、背景
内网环境有多套系统,都监听80、443 端口
只有一个公网IP出口,无法实现将多个系统的 80 、443同时映射到公网IP上
只能通过增加一层反向代理来解决:用基于域名的 nginx 虚拟主机承载内网多套系统,再将 nginx 虚拟主机服务器上的 80、443 端口映射出去即可。
二、配置虚拟主机
在虚拟主机服务器上,安装nginx
# cat /etc/yum.repos.d/nginx.repo
#########################################
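# Official nginx package repository for CentOS 7.
# Packages are fetched over HTTPS and their signatures are checked against the
# nginx signing key. With gpgcheck=0 and a plain-HTTP baseurl, a package that
# was tampered with in transit or on a mirror would be installed as root
# without any verification.
[nginx]
name=nginx repo
baseurl=https://nginx.org/packages/centos/7/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1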
############################################
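# yum list available --disablerepo="*" --enablerepo="nginx"
# yum -y install nginx --enablerepo="nginx"
# mkdir -m 0700 /etc/nginx/ssl    # holds the TLS private keys: keep the directory accessible to root only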
# cat /etc/nginx/nginx.conf
###############################################################
# For more information on configuration, see:
# * Official English Documentation:http://nginx.org/en/docs/
# * Official Russian Documentation:http://nginx.org/ru/docs/
# Worker processes run as the nginx user.
user nginx;
# "auto" sizes the worker pool from the detected number of CPU cores.
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Upper bound on simultaneous connections per worker process.
events {
    worker_connections 1024;
}
# TCP (stream) forwarding; the listeners are defined in the files under
# conf.d/stream/.
stream {
    # Give up on a backend that does not accept the TCP connection within 10 s.
    proxy_connect_timeout 10s;
    include /etc/nginx/conf.d/stream/*.conf;
}
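# HTTP(S) reverse proxying; the virtual hosts are defined in the files under
# conf.d/http/.
http {
    # Request bodies of up to 500 MB are accepted for every virtual host.
    client_max_body_size 500M;
    include mime.types;
    default_type application/octet-stream;
    # Do not advertise the nginx version in the Server header and error pages.
    server_tokens off;
    sendfile on;
    keepalive_timeout 65;
    send_timeout 600;

    # This host terminates TLS for clients coming in through the public IP, so
    # the legacy protocol versions are not offered. TLSv1.3 only takes effect
    # when nginx is built against OpenSSL 1.1.1 or newer.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Defaults for proxied requests. proxy_set_header directives are inherited
    # from this level only by a server/location that defines none of its own,
    # so the locations in conf.d/http/443.conf, which set their own headers,
    # do not pick these up.
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header host $host;
    # NOTE(review): 600 s proxy timeouts are generous for an Internet-facing
    # proxy; slow or stalled peers can hold connections for that long.
    proxy_send_timeout 600;
    proxy_read_timeout 600;
    proxy_connect_timeout 600;
    proxy_max_temp_file_size 4096m;

    # WebSocket support.
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    # $connection_upgrade is "upgrade" when the client sent an Upgrade header
    # and "close" otherwise; locations that proxy WebSocket traffic should pass
    # it as the Connection header instead of a hard-coded "upgrade".
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    include /etc/nginx/conf.d/http/*.conf;
}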
###############################################################
# cat /etc/nginx/conf.d/http/443.conf
###################################################################
# Backend group for virtual host x1 (www.example1.com).
upstream x1_443_service {
    # With a single server in the group nginx ignores max_fails and
    # fail_timeout; they start to matter once a second server is added.
    server 192.168.1.101:443 max_fails=2 fail_timeout=60s;
}
# Backend group for virtual host x2 (www.example2.com).
upstream x2_443_service {
    # With a single server in the group nginx ignores max_fails and
    # fail_timeout; they start to matter once a second server is added.
    server 192.168.1.102:443 max_fails=2 fail_timeout=60s;
}
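# Catch-all for port 443. Without an explicit default_server, the first server
# block listening on 443 (x1 in this file) is the implicit default: it would
# answer for any name pointed at the public IP and forward the client-chosen
# Host header to its backend. Here such connections are refused instead.
# ssl_reject_handshake requires nginx 1.19.4 or newer.
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;
    return 444;
}

# Virtual host x1
server {
    listen 443 ssl;
    server_name www.example1.com;
    ssl_certificate /etc/nginx/ssl/www.example1.com.cer;
    ssl_certificate_key /etc/nginx/ssl/www.example1.com.key;

    location / {
        proxy_connect_timeout 600;
        proxy_send_timeout 600;
        proxy_read_timeout 600;
        send_timeout 600;

        # X-Forwarded-For keeps whatever the client sent and appends the real
        # peer address, so the backend should rely on X-Real-IP (or only on the
        # last X-Forwarded-For entry), never on the client-supplied part.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header host $host;

        # NOTE(review): the backend is reached over TLS, but its certificate is
        # not verified (proxy_ssl_verify is off by default). Enable it together
        # with proxy_ssl_trusted_certificate if the internal network is not
        # fully trusted.
        proxy_pass https://x1_443_service;

        # WebSocket: announce "Connection: upgrade" only when the client asked
        # for an upgrade. $connection_upgrade comes from the map in nginx.conf.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}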
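# Virtual host x2
server {
    listen 443 ssl;
    server_name www.example2.com;
    ssl_certificate /etc/nginx/ssl/www.example2.com.pem;
    ssl_certificate_key /etc/nginx/ssl/www.example2.com.key;

    location / {
        proxy_connect_timeout 600;
        proxy_send_timeout 600;
        proxy_read_timeout 600;
        send_timeout 600;

        # X-Forwarded-For keeps whatever the client sent and appends the real
        # peer address, so the backend should rely on X-Real-IP (or only on the
        # last X-Forwarded-For entry), never on the client-supplied part.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header host $host;

        # NOTE(review): the backend is reached over TLS, but its certificate is
        # not verified (proxy_ssl_verify is off by default). Enable it together
        # with proxy_ssl_trusted_certificate if the internal network is not
        # fully trusted.
        proxy_pass https://x2_443_service;

        # WebSocket: announce "Connection: upgrade" only when the client asked
        # for an upgrade. $connection_upgrade comes from the map in nginx.conf.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}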
###################################################################
# cat /etc/nginx/conf.d/stream/10086.conf
############################################
# Backend group for the TCP service on port 10086.
upstream 10086_service {
    # Consistent hashing on the client address; with a single server in the
    # group every connection goes to that server regardless.
    hash $remote_addr consistent;
    server 192.168.1.103:10086 max_fails=2 fail_timeout=60s;
}
# Forward TCP connections arriving on port 10086 to the backend group as-is.
# NOTE(review): no allow/deny rule limits who may connect, and the backend sees
# the proxy's address rather than the client's; confirm that the service on
# 192.168.1.103 authenticates its clients itself.
server {
    listen 10086;
    proxy_pass 10086_service;
}
############################################
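# nginx -t && systemctl restart nginx    # restart only if the configuration parses; a broken file would take every virtual host down
# ss -tan | grep -w 443
# ss -tan | grep -w 10086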
三、测试
在windows测试机器添加hosts映射
C:\Windows\System32\drivers\etc
##############################
192.168.1.100 www.example1.com
192.168.1.100 www.example2.com
###############################
浏览器分别访问 https://www.example1.com https://www.example2.com
四、参考
nginx虚拟主机概念和类型介绍
https://blog.51cto.com/sandshell/1957701
Nginx 虚拟主机配置
https://www.cnblogs.com/wushuaishuai/p/9343044.html
How to Create an Nginx Virtual Host
https://www.keycdn.com/support/nginx-virtual-host
Server Block Examples
https://www.nginx.com/resources/wiki/start/topics/examples/server_blocks
Nginx如何处理一个请求
https://tengine.taobao.org/nginx_docs/cn/docs/http/request_processing.html