实战场景:网站上线,要保证在不影响原正式网站的前提下,部署一套网站的测试环境,供客户测试;
网站域名:www.xxxxx.com
解决此问题有2中解决方案:
①通过域名+指定路径的方式部署,即:www.xxxxx.com/test,客户可以直接通过域名访问测试环境;
②通过内网IP方式部署,即:选择一台nginx服务器,对测试环境做反向代理,客户只能通过VPN+内网IP的方式访问测试环境;
由于还需代理其他应用,所以第一种方式面临的问题很多,结果我们选择的第二种方式第二天被客户pass,所以又不得不寻求其他的解决方案。
为解决客户要求,想到了2中解决方案:
①nginx代理网站子域名,映射到测试环境。即:不同的域名映射到不同的应用环境,这种方式需要申请子域名。
②nginx代理网站域名的8080端口,映射到测试环境。即:同一域名的不同端口映射到不同的应用环境,这种方式需要域名服务商开放8080端口。
客户原因,选择第二种方式。
下面是nginx.conf配置文件:
user nobody; worker_processes 8; error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; client_max_body_size 100m; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; gzip on; gzip_comp_level 6; # 压缩比例,比例越大,压缩时间越长。默认是1 gzip_types text/xml text/plain text/css application/javascript application/x-javascript application/rss+xml; # 哪些文件可以被压缩 gzip_disable "MSIE [1-6]\."; # IE6无效 # 网站服务器列表 upstream uni-web { server xx.x.x.109:8080; } # 网站英文版 upstream uni-web-en { server xx.x.x.106:8080; } # pms服务器列表 upstream pms { server xx.x.x.106:8090; server xx.x.x.109:8090; } # 运营平台服务器列表 upstream control { server xx.x.x.105:8080; } #测试环境 server { listen 8080; server_name 你的域名; #charset koi8-r; access_log logs/host.8080.access.log main; # 转发所有请求 location / { proxy_pass http://xx.x.x.107; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } server { listen 80; server_name 你的域名; #charset koi8-r; access_log logs/host.access.log main; # 网站 location / { proxy_pass http://uni-web; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } # 英文网站 location /en { proxy_pass http://uni-web-en; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } # pms location /pms { proxy_pass http://pms; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } # 运营平台 location /cms { proxy_pass http://control; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } # jeecms 后台管理网站 location /jeeadmin/ { proxy_pass http://xx.x.x.107; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # rewrite ^(/jeeadmin/)$ /jeeadmin/jeecms/login.do break; } #location /apfel150.html { # rewrite ^/(apfel150.html)$ /study/$1 last; #} #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } location = /baidu_verify_CXOKsFqzpJ.html { root html; } location = /baidusilian.txt { root html; } location = /robots.txt { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} #设定查看Nginx状态的地址 ,在安装时要加上--with-http_stub_status_module参数 location /NginxStatus { stub_status on; access_log on; auth_basic "NginxStatus"; auth_basic_user_file conf/htpasswd; #设置访问密码,htpasswd -bc filename username password } } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} # 设置只允许通过域名访问站点 server { listen 80 default_server; server_name _; return 403; } }
第一种方式和这种配置一样,融汇广通。