OpenShift-Nginx Pod作为SSL终止和负载平衡器 [英] OpenShift - nginx pod as SSL termination and load balancer

问题描述

过去，我在Ubuntu上的nginx中使用了以下配置文件.它执行以下操作:

1. SSL终止
2. 负载均衡器
3. 插入自定义标头X-Nginx-header
4. 记录调用

events { }

http {
    log_format main '$time_iso8601 - $remote_addr - "$http_user_agent" - "$request" - $request_id '
    '- $status - $body_bytes_sent - $request_time ';

    access_log /home/ubuntu/project-demo/logs/access.log main;
    error_log /home/ubuntu/project-demo/logs/error.log error;
    proxy_cache_path /data/nginx/cache keys_zone=one:10m;

    upstream demoapp {
        least_conn;
        server localhost:3001;
        server localhost:3002;
        server localhost:3003;
        server localhost:3004;
    }

    server {
        listen 443 ssl;

        ssl_certificate         /home/ubuntu/project-demo/certs/server.crt;
        ssl_certificate_key     /home/ubuntu/project-demo/certs/server.pem;
        ssl_protocols           TLSv1.1 TLSv1.2;
        ssl_ciphers             HIGH:!aNULL:!MD5;
        ssl_session_cache       shared:SSL:20m;
        ssl_session_timeout     4h;

        location / {
            proxy_set_header X-Nginx-header $request_id;
            proxy_pass http://demoapp/;
        }
    }
}

我想用部署在OpenShift集群中作为Pod的nginx复制相同的内容.我可以看到nginx如OpenShift群集目录中所列.当我尝试启动一个时，它显示了一个GitHub存储库的字段以及一个示例存储库- https://github.com/sclorg/nginx-ex.git

如何使用该存储库存储上面显示的配置文件?

解决方案

此图像的nginx 1.14版本的文档可以找到 s2i 图片. s2i是一种构建机制，它采用源代码(在您的情况下为nginx配置)和基本s2i映像(在您的情况下为sclorg nginx contianer映像)并生成运行时映像(在您的情况下为具有配置的nginx映像).

根据上述有关nginx s2i映像的文档，如果您将s2i生成过程指向其中包含以下任何文件的VCS存储库(或本地目录)，则它们将被nginx s2i生成器映像自动使用:产生一个已配置的运行时容器映像.

./nginx.conf-- The main nginx configuration file

./nginx-cfg/*.conf
Should contain all nginx configuration we want to include into image

./nginx-default-cfg/*.conf
Contains any nginx config snippets to include in the default server block

./nginx-start/*.sh
Contains shell scripts that are sourced right before nginx is launched

./
Should contain nginx application source code

在您的情况下，这意味着您可以将配置放在nginx.conf文件中以覆盖整个nginx配置，也可以放在./nginx-cfg/*.conf文件中以仅将配置添加到默认的nginx.conf文件中.

In the past, I have used the following configuration file for nginx on Ubuntu. It does the following:

1. SSL termination
2. Load balancer
3. Inserts a custom header X-Nginx-header
4. Logs the invocations

events { }

http {
    log_format main '$time_iso8601 - $remote_addr - "$http_user_agent" - "$request" - $request_id '
    '- $status - $body_bytes_sent - $request_time ';

    access_log /home/ubuntu/project-demo/logs/access.log main;
    error_log /home/ubuntu/project-demo/logs/error.log error;
    proxy_cache_path /data/nginx/cache keys_zone=one:10m;

    upstream demoapp {
        least_conn;
        server localhost:3001;
        server localhost:3002;
        server localhost:3003;
        server localhost:3004;
    }

    server {
        listen 443 ssl;

        ssl_certificate         /home/ubuntu/project-demo/certs/server.crt;
        ssl_certificate_key     /home/ubuntu/project-demo/certs/server.pem;
        ssl_protocols           TLSv1.1 TLSv1.2;
        ssl_ciphers             HIGH:!aNULL:!MD5;
        ssl_session_cache       shared:SSL:20m;
        ssl_session_timeout     4h;

        location / {
            proxy_set_header X-Nginx-header $request_id;
            proxy_pass http://demoapp/;
        }
    }
}

I want to replicate the same with nginx deployed as a pod in an OpenShift cluster. I can see nginx as listed in the catalog of OpenShift cluster. When I try to launch one, it shows a field for GitHub repository with a sample repository - https://github.com/sclorg/nginx-ex.git

How do I utilize this repository for the configuration file shown above?

解决方案

The documentation for the nginx 1.14 version of this image can be found here

This is an s2i image. s2i is a build mechanism that takes source code (in your case the nginx configuration) and a base s2i image (in your case the sclorg nginx contianer image) and produces a runtime image (in your case an nginx image with configuration).

Based on the above documentation for that nginx s2i image if you point the s2i build process at a VCS repository (or local directory) with any of the following files inside it, they will automatically be consumed by the nginx s2i builder image to produce a configured runtime container image.

./nginx.conf-- The main nginx configuration file

./nginx-cfg/*.conf
Should contain all nginx configuration we want to include into image

./nginx-default-cfg/*.conf
Contains any nginx config snippets to include in the default server block

./nginx-start/*.sh
Contains shell scripts that are sourced right before nginx is launched

./
Should contain nginx application source code

In your case that means you can either put your configuration in a nginx.conf file to overwrite the entire nginx configuration or in a ./nginx-cfg/*.conf file to just add your configuration to the default nginx.conf file.

这篇关于OpenShift-Nginx Pod作为SSL终止和负载平衡器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！