OpenShift-Nginx Pod作为SSL终止和负载平衡器 [英] OpenShift - nginx pod as SSL termination and load balancer
问题描述
过去,我在Ubuntu上的nginx
中使用了以下配置文件.它执行以下操作:
- SSL终止
- 负载均衡器
- 插入自定义标头
X-Nginx-header
- 记录调用
events { }
http {
log_format main '$time_iso8601 - $remote_addr - "$http_user_agent" - "$request" - $request_id '
'- $status - $body_bytes_sent - $request_time ';
access_log /home/ubuntu/project-demo/logs/access.log main;
error_log /home/ubuntu/project-demo/logs/error.log error;
proxy_cache_path /data/nginx/cache keys_zone=one:10m;
upstream demoapp {
least_conn;
server localhost:3001;
server localhost:3002;
server localhost:3003;
server localhost:3004;
}
server {
listen 443 ssl;
ssl_certificate /home/ubuntu/project-demo/certs/server.crt;
ssl_certificate_key /home/ubuntu/project-demo/certs/server.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 4h;
location / {
proxy_set_header X-Nginx-header $request_id;
proxy_pass http://demoapp/;
}
}
}
我想用部署在OpenShift集群中作为Pod的nginx
复制相同的内容.我可以看到nginx
如OpenShift群集目录中所列.当我尝试启动一个时,它显示了一个GitHub存储库的字段以及一个示例存储库- https://github.com/sclorg/nginx-ex.git
如何使用该存储库存储上面显示的配置文件?
此图像的nginx 1.14版本的文档可以找到 s2i 图片. s2i是一种构建机制,它采用源代码(在您的情况下为nginx配置)和基本s2i映像(在您的情况下为sclorg nginx contianer映像)并生成运行时映像(在您的情况下为具有配置的nginx映像).>
根据上述有关nginx s2i映像的文档,如果您将s2i生成过程指向其中包含以下任何文件的VCS存储库(或本地目录),则它们将被nginx s2i生成器映像自动使用:产生一个已配置的运行时容器映像.
./nginx.conf-- The main nginx configuration file
./nginx-cfg/*.conf
Should contain all nginx configuration we want to include into image
./nginx-default-cfg/*.conf
Contains any nginx config snippets to include in the default server block
./nginx-start/*.sh
Contains shell scripts that are sourced right before nginx is launched
./
Should contain nginx application source code
在您的情况下,这意味着您可以将配置放在nginx.conf
文件中以覆盖整个nginx配置,也可以放在./nginx-cfg/*.conf
文件中以仅将配置添加到默认的nginx.conf文件中.
In the past, I have used the following configuration file for nginx
on Ubuntu. It does the following:
- SSL termination
- Load balancer
- Inserts a custom header
X-Nginx-header
- Logs the invocations
events { }
http {
log_format main '$time_iso8601 - $remote_addr - "$http_user_agent" - "$request" - $request_id '
'- $status - $body_bytes_sent - $request_time ';
access_log /home/ubuntu/project-demo/logs/access.log main;
error_log /home/ubuntu/project-demo/logs/error.log error;
proxy_cache_path /data/nginx/cache keys_zone=one:10m;
upstream demoapp {
least_conn;
server localhost:3001;
server localhost:3002;
server localhost:3003;
server localhost:3004;
}
server {
listen 443 ssl;
ssl_certificate /home/ubuntu/project-demo/certs/server.crt;
ssl_certificate_key /home/ubuntu/project-demo/certs/server.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 4h;
location / {
proxy_set_header X-Nginx-header $request_id;
proxy_pass http://demoapp/;
}
}
}
I want to replicate the same with nginx
deployed as a pod in an OpenShift cluster. I can see nginx
as listed in the catalog of OpenShift cluster. When I try to launch one, it shows a field for GitHub repository with a sample repository - https://github.com/sclorg/nginx-ex.git
How do I utilize this repository for the configuration file shown above?
The documentation for the nginx 1.14 version of this image can be found here
This is an s2i image. s2i is a build mechanism that takes source code (in your case the nginx configuration) and a base s2i image (in your case the sclorg nginx contianer image) and produces a runtime image (in your case an nginx image with configuration).
Based on the above documentation for that nginx s2i image if you point the s2i build process at a VCS repository (or local directory) with any of the following files inside it, they will automatically be consumed by the nginx s2i builder image to produce a configured runtime container image.
./nginx.conf-- The main nginx configuration file
./nginx-cfg/*.conf
Should contain all nginx configuration we want to include into image
./nginx-default-cfg/*.conf
Contains any nginx config snippets to include in the default server block
./nginx-start/*.sh
Contains shell scripts that are sourced right before nginx is launched
./
Should contain nginx application source code
In your case that means you can either put your configuration in a nginx.conf
file to overwrite the entire nginx configuration or in a ./nginx-cfg/*.conf
file to just add your configuration to the default nginx.conf file.
这篇关于OpenShift-Nginx Pod作为SSL终止和负载平衡器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!