后端服务路径:
172.168.0.2:8080
172.168.0.2:7080
前端目录(html + css + js):
/root/apps/mzsg-web
1、修改 /etc/nginx.conf,注释掉nginx默认网站配置
include /etc/nginx/conf.d/*.conf;
#include /etc/nginx/sites-enabled/*;
2、在/etc/nginx/conf.d目录下面新建配置文件,建议以网站简称全名,如mzsg.conf
upstream cat {
server 172.168.0.2:8080 weight=5;
server 172.168.0.2:7080 weight=5;
}
server{
listen 80;
server_name localhost;
location / {
proxy_pass http://cat;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header APP_ID mzsg;
proxy_set_header APP_KEY 31134314124fadfadf;
}
location ~ \.(html|js|css|png|gif|jpg)$ {
root /root/apps/mzsg-web;
index index.html index.htm;
}
}
如果是以.(html|js|css|png|gif|jpg)作为后缀的请求,则直接请求静态资源 /root/apps/mzsg-web 否则,转发给两个后端,这里两个后端负载策略采用了权重的方式,可以根据实际情况选择其它策略,如轮询、IP哈希、最小连接等
proxy_set_header X-real-ip $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
这两个HTTP头是因为采用了nginx作为代理后,后端可以通过 X-real-ip 或 X-Forwarded-For取得用户IP地址
proxy_set_header APP_ID mzsg;
proxy_set_header APP_KEY 31134314124fadfadf;
这两个HTTP头是因为后端权限校验需要
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
声明支持websocket
3、支持SSL
修改前端websocket连接代码,原本ws://需要改为wss://(购买或)生成密钥和证书,过程省略。需要注意的是:自己生成的证书在很多浏览器上会报警告,忽略后websocket仍然能用,如Chrom、Firefox,但有些浏览器不能用,如Safari。修改/etc/nginx/conf.d/mzsg.conf
upstream cat {
server 172.168.0.2:8080 weight=5;
server 172.168.0.2:7080 weight=5;
}
server{
listen 443;
ssl on;
ssl_certificate /etc/nginx/server.crt;
ssl_certificate_key /etc/nginx/server.key;
server_name localhost;
location / {
proxy_pass http://cat;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header APP_ID mzsg;
proxy_set_header APP_KEY 31134314124fadfadf;
}
location ~ \.(html|js|css|png|gif|jpg)$ {
root /root/apps/mzsg-web;
index index.html index.htm;
}
}