
Reverse proxy and nginx cache settings

The previous article covered installing Docker and configuring docker-compose.

docker Jenkins Continuous Integration and Delivery server.

Pull the image with docker pull nginx:1.12.0

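Purpose: cache the static files served by the nginx server, such as css, js, htm, html, jpg, gif, png, flv and swf. These files are not updated often, so caching them reduces the load on the server.
Implementation: nginx proxy_cache can cache what users request in a local directory; when the next request arrives, the cached file is served directly and there is no need to fetch the file from the backend server.
Configuration: open the configuration file /usr/local/nginx/conf/nginx.conf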

This is a fully functional Jenkins server, based on the weekly and LTS releases.

Write docker-compose.yml

user  www www;
worker_processes 2;
error_log  /var/log/nginx_error.log  crit;
worker_rlimit_nofile 65535;
events
{
  use epoll;
  worker_connections 65535;
}

To use the latest LTS: 

 

http
{
  include       mime.types;
  default_type  application/octet-stream;

docker pull jenkins/jenkins:lts

nginx:
  image: 17daebd00e2c
  ports:

  server_names_hash_bucket_size 128;
  client_header_buffer_size 32k;
  large_client_header_buffers 4 32k;
  client_max_body_size 8m;

To use the latest weekly: 

    - 80:80
  volumes:
    - /home/conf/nginx.conf:/etc/nginx/nginx.conf
  links:
    - nginx1
    - nginx2
  privileged: true

  sendfile on;
  tcp_nopush     on;
  keepalive_timeout 0;
  tcp_nodelay on;

docker pull jenkins/jenkins

nginx1:
  image: 17daebd00e2c
  volumes:

  fastcgi_connect_timeout 300;
  fastcgi_send_timeout 300;
  fastcgi_read_timeout 300;
  fastcgi_buffer_size 64k;
  fastcgi_buffers 4 64k;
  fastcgi_busy_buffers_size 128k;
  fastcgi_temp_file_write_size 128k;
  ##cache##
  proxy_connect_timeout 5;
  proxy_read_timeout 60;
  proxy_send_timeout 5;
  proxy_buffer_size 16k;
  proxy_buffers 4 64k;
  proxy_busy_buffers_size 128k;
  proxy_temp_file_write_size 128k;
  proxy_temp_path /home/temp_dir;
  proxy_cache_path /home/cache levels=1:2 keys_zone=cache_one:200m inactive=1d max_size=30g;
  ##end##

Lighter alpine based image also available

    - /home/www1:/usr/share/nginx/html
  privileged: true

  gzip    on;
  gzip_min_length   1k;
  gzip_buffers   4 8k;
  gzip_http_version  1.1;
  gzip_types   text/plain application/x-javascript text/css  application/xml;
  gzip_disable "MSIE [1-6]\.";

docker run -p 8080:8080 -p 50000:50000 jenkins/jenkins:lts

nginx2:
  image: 17daebd00e2c
  volumes:

  log_format  access  '$remote_addr - $remote_user [$time_local] "$request" '
             '$status $body_bytes_sent "$http_referer" '
             '"$http_user_agent" $http_x_forwarded_for';
  upstream appserver {
        server 192.168.1.251;
  }
  server {
        listen       80 default;
        server_name www.gangpao.com;
        location ~ .*\.(gif|jpg|png|htm|html|css|js|flv|ico|swf)(.*) {
              proxy_pass ;
              proxy_redirect off;
              proxy_set_header Host $host;
              proxy_cache cache_one;
              proxy_cache_valid 200 302 1h;
              proxy_cache_valid 301 1d;
              proxy_cache_valid any 1m;
              expires 30d;
        }
        location ~ .*\.(php)(.*) {
             proxy_pass ;
             proxy_set_header        Host $host;
             proxy_set_header        X-Real-IP $remote_addr;
             proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        access_log /usr/local/nginx/logs/www.gangpao.com.log;
  }
}

NOTE: read below the build executors part for the role of the 50000 port mapping.

    - /home/www2:/usr/share/nginx/html
  privileged: true

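The parts in red are the cache configuration parameters.
Notes:
1. http block settings.
proxy_temp_path /home/temp_dir; sets the temporary directory.
proxy_cache_path /home/cache levels=1:2 keys_zone=cache_one:200m inactive=1d max_size=30g; sets the cache directory with a two-level directory layout, the shared memory zone size, the inactivity time and the maximum size. Note that the temporary directory must be on the same partition as the cache directory.
2. server block settings.
Settings for static file requests.
proxy_cache cache_one; sets the cache shared memory zone, i.e. the keys_zone name.
proxy_cache_valid 200 302 1h; caches responses with HTTP status codes 200 and 302 for 1 hour.
expires 30d; sets the expiry time to 30 days.
Settings for dynamic file requests.
proxy_pass
Test: when a client makes an HTTP request, a cache file is created on the server, for example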

This will store the workspace in /var/jenkins_home. All Jenkins data lives in there - including plugins and configuration. You will probably want to make that an explicit volume so you can manage it and attach to another container for upgrades :

 

/home/cache/0/b9/8bd841b1c44ee5b91457eb561e44eb90
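The path above follows from levels=1:2: nginx names each cache file after the MD5 of its cache key, and the level directories are taken from the end of that digest. The following is an added example, not part of the original article, that reproduces the layout and reads back the key stored in a cache file, which helps when checking which request a cached file belongs to; the function names and the sample key are assumptions.

```python
import hashlib


def cache_file_path(cache_dir, levels, md5_hex):
    """Place an MD5 hex digest in the directory layout chosen by levels=."""
    parts, end = [], len(md5_hex)
    for width in (int(n) for n in levels.split(":")):
        # Each level consumes the next `width` hex characters, counted
        # backwards from the end of the digest.
        parts.append(md5_hex[end - width:end])
        end -= width
    return "/".join([cache_dir.rstrip("/"), *parts, md5_hex])


def cache_path_for_key(cache_dir, levels, cache_key):
    """Return the file nginx uses for a given proxy_cache_key value."""
    digest = hashlib.md5(cache_key.encode("utf-8")).hexdigest()
    return cache_file_path(cache_dir, levels, digest)


def stored_key(path):
    """Read back the 'KEY: ' line nginx writes near the start of a cache file."""
    with open(path, "rb") as fh:
        head = fh.read(4096)
    marker = head.find(b"\nKEY: ")
    if marker < 0:
        return None  # not an nginx cache file, or the key is unusually long
    start = marker + len(b"\nKEY: ")
    end = head.find(b"\n", start)
    return head[start:end if end >= 0 else len(head)].decode("utf-8", "replace")


if __name__ == "__main__":
    # The digest below is the sample file name from the article.
    print(cache_file_path("/home/cache", "1:2",
                          "8bd841b1c44ee5b91457eb561e44eb90"))
    # Constructed cache key, for illustration only.
    print(cache_path_for_key("/home/cache", "1:2",
                             "http://appserver/css/site.css"))
```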

mkdir /home/jenkins_home

cd /home

sudo chown -R 1000:1000 jenkins_home

docker run -p 8080:8080 -p 50000:50000 -v /home/jenkins_home:/var/jenkins_home jenkins/jenkins:lts

Write nginx.conf

OK

This will automatically create a 'jenkins_home' volume on docker host, that will survive container stop/restart/deletion.

Add the following to the http block:

Avoid using a bind mount from a folder on host into /var/jenkins_home, as this might result in file permission issue. If you really need to bind mount jenkins_home, ensure that directory on host is accessible by the jenkins user in container (jenkins user - uid 1000) or use -u some_other_user parameter with docker run.

 

Backing up data

upstream pro {
  ip_hash; # route by client IP; can be commented out when testing
  server nginx1:80;
  server nginx2:80;
}

If you bind mount in a volume - you can simply back up that directory (which is jenkins_home) at any time.

Add the following to the server block:

This is highly recommended. Treat the jenkins_home directory as you would a database - in Docker you would generally put a database on a volume.

location / {
proxy_pass ;
#proxy_redirect off;
# For a port other than 80, set Host $host:<port>; this passes the client information received by the proxy on to the real server
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
add_header Access-Control-Allow-Origin *;

If your volume is inside a container - you can use docker cp $ID:/var/jenkins_home command to extract the data, or other options to find where the volume data is. Note that some symlinks on some OSes may be converted to copies (this can confuse jenkins with lastStableBuild links etc)

}

Running Jenkins from a subdomain (like http://jenkins.domain.tld)

 

Because people often struggle to get Jenkins to work behind an NGINX reverse proxy setup, I've decided to share my currently running config.

Finally, add HTML files to the www1 and www2 directories.

Hope this could be of any help to someone.

Then simply browse to the HTML file's address.

server {

 

    listen 80;

nginx1 and nginx2 can only be reached from inside the Docker containers.

    server_name jenkins.domain.tld;

 

    return 301 ;

}

server {

    listen 80;

    server_name jenkins.domain.tld;

    location / {

      proxy_set_header        Host $host:$server_port;

      proxy_set_header        X-Real-IP $remote_addr;

      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

      proxy_set_header        X-Forwarded-Proto $scheme;

      # Fix the "It appears that your reverse proxy set up is broken" error.

      proxy_pass          ;

      proxy_read_timeout 90;

      proxy_redirect       https://jenkins.domain.tld;

      # Required for new HTTP-based CLI

      proxy_http_version 1.1;

      proxy_request_buffering off;

      # workaround for 

      add_header 'X-SSH-Endpoint' 'jenkins.domain.tld:50022' always;

    }

  }

Running from a subdomain with SSL

upstream jenkins {

  server 127.0.0.1:8080 fail_timeout=0;

}

server {

  listen 80;

  server_name jenkins.domain.tld;

  return 301 ;

}

server {

  listen 443 ssl;

  server_name jenkins.domain.tld;

  ssl_certificate /etc/nginx/ssl/server.crt;

  ssl_certificate_key /etc/nginx/ssl/server.key;

  location / {

    proxy_set_header        Host $host:$server_port;

    proxy_set_header        X-Real-IP $remote_addr;

    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_set_header        X-Forwarded-Proto $scheme;

    proxy_redirect http:// https://;

    proxy_pass              ;

    # Required for new HTTP-based CLI

    proxy_http_version 1.1;

    proxy_request_buffering off;

    proxy_buffering off; # Required for HTTP-based CLI to work over SSL

    # workaround for 

    add_header 'X-SSH-Endpoint' 'jenkins.domain.tld:50022' always;

  }

}

Running Jenkins from a folder with TLS encryption (like https://domain.tld/jenkins/)

However, you may want to access Jenkins from a folder on your main web server. This allows you to use the same TLS/SSL certificate as for your top level domain, whereas a sub-domain like jenkins.domain.tld may require a new TLS/SSL certificate (that seems to depend on your certificate provider). You can configure nginx as a reverse proxy to translate requests coming in from the WAN as https://domain.tld/jenkins/ to LAN requests to http://10.0.0.100:8080/jenkins.

Note that this example uses the same settings as currently listed on the wiki article at https://wiki.jenkins-ci.org/display/JENKINS/Running Hudson behind Nginx, but with different values for the proxy_pass and proxy_redirect directives.

server {

    # All your server and TLS/certificate settings are up here somewhere

    [...]

    # Nginx configuration specific to Jenkins

    # Note that regex takes precedence, so use of "^~" ensures earlier evaluation

    location ^~ /jenkins/ {

        # Convert inbound WAN requests for  to 

        # local network requests for 

        proxy_pass ;

    # Rewrite HTTPS requests from WAN to HTTP requests on LAN

        proxy_redirect http:// https://;

        # The following settings from

        sendfile off;

        proxy_set_header   Host             $host:$server_port;

        proxy_set_header   X-Real-IP        $remote_addr;

        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

        proxy_max_temp_file_size 0;

        #this is the maximum upload size

        client_max_body_size       10m;

        client_body_buffer_size    128k;

        proxy_connect_timeout 90;

        proxy_send_timeout 90;

        proxy_read_timeout 90;

        proxy_temp_file_write_size 64k;

        # Required for new HTTP-based CLI

        proxy_http_version 1.1;

        proxy_request_buffering off;

        proxy_buffering off; # Required for HTTP-based CLI to work over SSL

    }

}

In addition, you must ensure that Jenkins is configured to listen for requests to the /jenkins/ folder (e.g. http://10.0.0.100:8080/jenkins/ instead of http://10.0.0.100:8080/). Do that by adding the parameter --prefix=/jenkins to the Jenkins default start-up configuration file. On my system (Ubuntu 12.04 LTS) the configuration file is /etc/default/jenkins. For example, here's the full JENKINS_ARGS parameter list (the only part I added was --prefix=/jenkins):

JENKINS_ARGS="--webroot=/var/cache/jenkins/war --httpPort=$HTTP_PORT --ajp13Port=$AJP_PORT --prefix=/jenkins"

Once configured, you should also set the URL used by the Jenkins UI at Jenkins > Manage Jenkins > Jenkins Location > Jenkins URL to something like:  ".

Being compatible with CSRF protection

This section applies to Jenkins 1.x only. Jenkins 2 uses an nginx-compatible crumb header name by default.

If you enable "Prevent Cross Site Request Forgery exploits" in the Configure Global Security page, you'll need special care for Jenkins to work behind a proxy. You'll need to enable the Enable proxy compatibility checkbox. And you'll need to add to your nginx configuration the following fragment:

http {

  ignore_invalid_headers off;

}

This is required because Jenkins uses a custom HTTP header named .crumb. See bug https://issues.jenkins-ci.org/browse/JENKINS-12875 for details.
