基础架构系列篇-使用nginx代理gateway nacos与设置同时支持http(https)方式

流程: NGINX—代理—>网关gateway—统一调用—>多个服务模块

1. 准备域名,域名备案,开通80与443端口,域名解析

2. 申请CA证书(即CA颁布的SSL证书)

3. 配置nginx

参考

upstream nacos{   //upstream模块可负载均衡多个server
        server localhost:8848;
}
upstream gateway{
        server  localhost:2000;
}
server {
    listen 80;   #http
    server_name cloud.com;
   	# rewrite ^(.*)$ https://${server_name}$1 permanent;  #重定向80跳转到443端口

    location /nacos/{
            proxy_pass http://nacos;  #不截断/nacos
            proxy_redirect off;
            proxy_set_header        X-Real-IP           $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header        Host    $http_host;
            proxy_set_header        X-NginX-Proxy   true;
            proxy_read_timeout  7200;
            break;
      }
      # 一般使用/的location是网站前端主页或网关服务
     location /{  #代理前端主页
            root /home/nginx/html/dist;
            index index.html;
            # 采用vue-router的时候，必须配置这个
            try_files $uri $uri/ /index.html;
        }

	location /gateway/ {  #代理网关gateway
	                proxy_pass http://gateway/;   #截断/gateway路径规则
	                proxy_redirect off;
	                proxy_set_header        X-Real-IP           $remote_addr;
	                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
	                proxy_set_header        Host    $http_host;
	                proxy_set_header        X-NginX-Proxy   true;
	                proxy_read_timeout  7200;
	                break;
	          }
}


server {
        listen  443;  #https
        server_name  cloud.com;
        ssl on;
        ssl_certificate /home/ssl/XXX.pem;
        ssl_certificate_key /home/ssl/XXX.key;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_session_timeout     5m;
        ssl_session_cache       shared:SSL:10m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;

		#include /etc/nginx/default.d/*.conf;
		#以下部分与80内部类似
        location /nacos/{
                proxy_pass http://nacos;
                proxy_redirect off;
                proxy_set_header        X-Real-IP           $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header        Host    $http_host;
                proxy_set_header        X-NginX-Proxy   true;
                proxy_read_timeout  7200;
                break;
          }

        location / {
                root /home/nginx/html/dist;
				index index.html;
                # 采用vue-router的时候，必须配置这个
                try_files $uri $uri/ /index.html;
		}

        location /gateway/ {
                proxy_pass http://gateway/;
                proxy_redirect off;
                proxy_set_header        X-Real-IP           $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header        Host    $http_host;
                proxy_set_header        X-NginX-Proxy   true;
                proxy_read_timeout  7200;
                break;
          }

        #error_page 404 /404.html;
        #   location = /40x.html {
        #}

        #error_page 500 502 503 504 /50x.html;
        #    location = /50x.html {
       # }
 }

打开网站主页或调用接口测试