一、寫在前面
最近需要把阿里云上的四臺服務器的項目遷移到客戶提供的新的項目中,原來的四臺服務器中用到了一級域名和二級域名。比如aaa.abc.com 和bbb.abc.com 和ccc.abc.com。其中aaa.abc.com登錄,通過把cookie中的信息setdomain給.abc.com。其他系統可以共享這個cookie。但是新的四臺服務器中并沒有申請域名,只有四個ip:
192.168.0.1??? 單點登錄服務器
192.168.0.2
192.168.0.3
192.168.0.4
因為每臺服務器有兩個項目,都用到單點登錄,所以通過修改新的共享登錄方式花費時間太多,于是在網上搜cookie的跨域登錄,嘗試了下,在192.168.0.1??? 單點登錄服務器中多次setdomain分別給2、3、4服務器,結果不理想,因為瀏覽器不允許。后來無意中看到nginx可以通過欺騙的方式共享cookie。于是想到原來公司部署nginx還有這層用法。
二、原來的nginx配置
先說下nginx的安裝,這個網上都有很多教程,不在贅述,我是參照于在linux里安裝、啟動nginx。需要注意的是./configure后面的各種with,我在配置啟動過程遇到了一些問題:
nginx:?[emerg]?unknown?directive?"aio"?in
加上–with-file-aio?
復制代碼?代碼如下:
starting nginx: nginx: [emerg] the inet6 sockets are not supported on this platform in “[::]:80” of the
在后面加上–with-ipv6好使。
安裝完成后。主要是nginx.conf的配置
原來服務器的配置nginx.conf:
#?for?more?information?on?configuration,?see: #??*?official?english?documentation:?http://nginx.org/en/docs/ #??*?official?russian?documentation:?http://nginx.org/ru/docs/ user?root; worker_processes?2; worker_cpu_affinity?1000?0100; error_log?logs/error.log; pid?logs/nginx.pid; events?{ ??worker_connections?2048; } http?{ ??log_format?main?'$remote_addr?-?$remote_user?[$time_local]?"$request"?' ???????????'$status?$body_bytes_sent?"$http_referer"?' ???????????'"$http_user_agent"?"$http_x_forwarded_for"'; ??access_log?logs/access.log?main; ??gzip?on; ??gzip_min_length?1000; ??gzip_buffers???4?8k; ??gzip_types????text/plain?application/javascript?application/x-javascript?text/css?application/xml; ??client_max_body_size?8m; ??client_body_buffer_size?128k; ??sendfile??????on; ??tcp_nopush?????on; ??tcp_nodelay?????on; ??keepalive_timeout??65; ??types_hash_max_size?2048; ??include???????mime.types; ??default_type????application/octet-stream; ??connection_pool_size?512; ??aio?on; ??open_file_cache?max=1000?inactive=20s; ??#?load?modular?configuration?files?from?the?/etc/nginx/conf.d?directory. ??#?see?http://nginx.org/en/docs/ngx_core_module.html#include ??#?for?more?information. # 主要配置在這里,nginx.conf配置都是一樣 ??include?/usr/local/nginx/conf/conf.d/*.conf; ??server?{ ????listen????80?default_server; ????listen?[::]:80?ipv6only=on?default_server; ????server_name?_; ????root?????html; ????#?load?configuration?files?for?the?default?server?block. ????include?/usr/local/nginx/conf/default.d/*.conf; ????location?/?{ ????} ????error_page?404?/404.html; ??????location?=?/40x.html?{ ????} ????error_page?500?502?503?504?/50x.html; ??????location?=?/50x.html?{ ????} ??} }
原來服務器的
conf.d/*.conf的配置是reverse-proxy.conf
server { ??listen?80; ??server_name?m.abc.com.cn; ??location?/?{ ????root??/usr/share/nginx/html/; ????index?index.html?index.htm; ??} ??location?~?.(jsp|do)?$?{ ????proxy_redirect?off; ????proxy_set_header?host?$host; ????proxy_set_header?x-real-ip?$remote_addr; ????proxy_set_header?x-forwarded-for?$proxy_add_x_forwarded_for; ????proxy_pass?http://localhost:8084; ??} ??if?($http_user_agent?~*?"qihoobot|baiduspider|googlebot|googlebot-mobile|googlebot-image|mediapartners-google|adsbot-google|feedfetcher-google|yahoo!?slurp|yahoo!?slurp?china|youdaobot|sosospider|sogou?spider|sogou?web?spider|msnbot|ia_archiver|tomato?bot")?{? ????????return?403;? ????} ??access_log?/home/logs/nginx/m.abc.com.cn_access.log; } ? server { ??listen?80; ??server_name?store.abc.com.cn?*.store.abc.com.cn; ??location?/?{ ????proxy_redirect?off; ????proxy_set_header?host?$host; ????proxy_set_header?x-real-ip?$remote_addr; ????proxy_set_header?x-forwarded-for?$proxy_add_x_forwarded_for; ????proxy_pass?http://localhost:8081; ??} ??access_log?/home/logs/nginx/store.abc.com.cn_access.log; } server { ??listen?80; ??server_name?shopcenter.abc.com.cn; ??location?/?{ ????proxy_redirect?off; ????proxy_set_header?host?$host; ????proxy_set_header?x-real-ip?$remote_addr; ????proxy_set_header?x-forwarded-for?$proxy_add_x_forwarded_for; ????proxy_pass?http://10.45.100.222:8082; ??} ??access_log?/home/logs/nginx/shopcenter.abc.com.cn_access.log; } ? server { ??listen?80; ??server_name?search.abc.com.cn; ??location?/?{ ????proxy_redirect?off; ????proxy_set_header?host?$host; ????proxy_set_header?x-real-ip?$remote_addr; ????proxy_set_header?x-forwarded-for?$proxy_add_x_forwarded_for; ????proxy_pass?http://10.45.100.68:8083; ??} ??access_log?/home/logs/nginx/search.abc.com.cn_access.log; }
以上配置后,nginx啟動后,通過訪問不同的域名來訪問不同服務器。而因為都有二級域名.abc.com.cn。所以可以共享cookie。
nginx的文件結構為:
三、修改后的nginx配置
主要是reverse-proxy.conf 不同
server { ??listen?9998; ??server_name?192.168.0.1:9998; ??location?/servlets/?{ ????proxy_redirect?off; ????proxy_set_header?host?$host; ????proxy_set_header?x-real-ip?$remote_addr; ????proxy_set_header?x-forwarded-for?$proxy_add_x_forwarded_for; ????proxy_pass?http://192.168.0.1:8088; ??} ??location?/?{ ????root??/usr/local/nginx/html/web/; ????index?index.html?index.htm; ??} ??location?~?.(jsp|do)?$?{ ????proxy_redirect?off; ????proxy_set_header?host?$host; ????proxy_set_header?x-real-ip?$remote_addr; ????proxy_set_header?x-forwarded-for?$proxy_add_x_forwarded_for; ????proxy_pass?http://192.168.0.1:8088; ???? ????proxy_http_version?1.1; ????proxy_set_header?upgrade?$http_upgrade; ????proxy_set_header?connection?"upgrade"; ????proxy_read_timeout??700s; ??}? if?($http_user_agent?~*?"qihoobot|baiduspider|googlebot|googlebot-mobile|googlebot-image|mediapartners-google|adsbot-google|feedfetcher-google|yahoo!?slurp|yahoo!?slurp?china|youdaobot|sosospider|sogou?spider|sogou?web?spider|msnbot|ia_archiver|tomato?bot")?{? ????????return?403;? ????} ??access_log?/usr/local/nginx/logs/www.abc.com.cn_access.log; } server { ??listen?9994; ??server_name?192.168.0.1:9994; ??location?/?{ ???proxy_redirect?off; ????root??/usr/local/nginx/html/weixin/; ????index?index.html?index.htm; ??} ??location?~?.(jsp|do)?$?{ ????proxy_redirect?off; ????proxy_set_header?host?$host; ????proxy_set_header?x-real-ip?$remote_addr; ????proxy_set_header?x-forwarded-for?$proxy_add_x_forwarded_for; ????proxy_pass?http://localhost:8084; ??} ??if?($http_user_agent?~*?"qihoobot|baiduspider|googlebot|googlebot-mobile|googlebot-image|mediapartners-google|adsbot-google|feedfetcher-google|yahoo!?slurp|yahoo!?slurp?china|youdaobot|sosospider|sogou?spider|sogou?web?spider|msnbot|ia_archiver|tomato?bot")?{? ????????return?403;? ????} ??access_log?/usr/local/nginx/logs/m.abc.com.cn_access.log; } ? server { ??listen?9990; ??server_name?store.abc.com.cn?*.store.abc.com.cn; ??location?/?{ ????proxy_redirect?off; ????proxy_set_header?host?$host; ????proxy_set_header?x-real-ip?$remote_addr; ????proxy_set_header?x-forwarded-for?$proxy_add_x_forwarded_for; ????proxy_pass?http://localhost:8081; ??} ??access_log?/usr/local/nginx/logs/store.abc.com.cn_access.log; } server { ??listen?9992; ??server_name?192.168.0.1:9992; ??location?/?{ ????proxy_redirect?off; ????proxy_set_header?host?$host; ????proxy_set_header?x-real-ip?$remote_addr; ????proxy_set_header?x-forwarded-for?$proxy_add_x_forwarded_for; ????proxy_pass?http://192.168.0.2:8082; ??} ??access_log?/usr/local/nginx/logs/shopcenter.abc.com.cn_access.log; } ? server { ??listen?9993; ??server_name?192.168.0.1:9993; ??location?/?{ ????proxy_redirect?off; ????proxy_set_header?host?$host; ????proxy_set_header?x-real-ip?$remote_addr; ????proxy_set_header?x-forwarded-for?$proxy_add_x_forwarded_for; ????proxy_pass?http://192.168.0.3:8083; ??} ??access_log?/usr/local/nginx/logs/search.abc.com.cn_access.log; }
?這樣就可以把192.168.0.1:9998 當做單點服務器,登錄后的domain都為192.168.0.1 。其他的0.2、0.3都可以通過192.168.0.1nginx和單點服務器的不同端口訪問,那么就可以共享這個0.1的域名了。