配置Nginx根据按规则访问后台服务器--Nginx集成Vcenter 6.X HTML Console系列之 4--(共4)

由于不同虚机在不同物理机上，所以需要根据某个标识符，来告诉Nginx跳转访问对应的ESXi服务器。有两种办法：1、 通过虚拟目录，反向代理不同后台服务器此时通过指定不同的虚拟目录，可以实现访问不同的后台服务器，...

由于不同虚机在不同物理机上，所以需要根据某个标识符，来告诉Nginx跳转访问对应的ESXi服务器。有两种办法：

1、 通过虚拟目录，反向代理不同后台服务器

此时通过指定不同的虚拟目录，可以实现访问不同的后台服务器，此时虚拟目录不需要在后台服务器配置

location /1/ { #/1/的最后面的/也不能少，因为去掉斜杆的话，就是精确匹配了，实际我们后面还有目录呢，不然也会导致404，比较坑，务必注意，至于为什么，看下面解释一
           proxy_pass https://ESXi_IP_1/; #注意，最后面的/,一定不能少，不然前面的/1/目录，会作为参数传给后端，导致404，至于为什么，看下面解释二
           proxy_http_version 1.1;
           proxy_set_header Upgrade $http_upgrade;
           proxy_set_header Connection "upgrade";
        }

location /2/ {
           proxy_pass https://ESXi_IP_2/;
           proxy_http_version 1.1;
           proxy_set_header Upgrade $http_upgrade;
           proxy_set_header Connection "upgrade";
        }

location /3/ {
           proxy_pass https://ESXi_IP_3/;
           proxy_http_version 1.1;
           proxy_set_header Upgrade $http_upgrade;
           proxy_set_header Connection "upgrade";

解释一location

If a location is defined by a prefix string that ends with the slash character, and requests are processed by one of proxy_pass, fastcgi_pass, uwsgi_pass, scgi_pass, memcached_pass, or grpc_pass, then the special processing is performed. In response to a request with URI equal to this string, but without the trailing slash, a permanent redirect with the code 301 will be returned to the requested URI with the slash appended. If this is not desired, an exact match of the URI and location could be defined like this:

location /user/ {
    proxy_pass http://user.example.com;
}

location = /user {
    proxy_pass http://login.example.com;
}

解释二proxy_pass

A request URI is passed to the server as follows:

• If the proxy_pass directive is specified with a URI, then when a request is passed to the server, the part of a normalized request URI matching the location is replaced by a URI specified in the directive:

  location /name/ {
      proxy_pass http://127.0.0.1/remote/;
  }
  

• If proxy_pass is specified without a URI, the request URI is passed to the server in the same form as sent by a client when the original request is processed, or the full normalized request URI is passed when processing the changed URI:

  location /some/path/ {
      proxy_pass http://127.0.0.1;
  }

上述办法针对较少esxi比较有效，如果比较多，或者变化比较频繁，天天改规则就麻烦了

2、根据url参数反向代理不同后台服务器

Nginx支持URL中的参数作为全局变量，可以直接在Nginx.conf文件中使用

    location / {
           proxy_pass https://$arg_ip;
           proxy_http_version 1.1;  
           proxy_set_header Upgrade $http_upgrade;  
           proxy_set_header Connection "upgrade";
        }

其中的 $arg_ip 就是url中的参数ip的值
如wss://hostip/ticket/233424sdf234?ip=1.1.1.1

那么$arg_ip 就是1.1.1.1

以上方法可以灵活应对esxi变化的情况，非常方便。

3、我的配置示例

cat nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 768;
	# multi_accept on;
}

http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	# server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;

	# gzip_vary on;
	# gzip_proxied any;
	# gzip_comp_level 6;
	# gzip_buffers 16 8k;
	# gzip_http_version 1.1;
	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	##
	# Virtual Host Configs
	##
	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;	
	ssl_certificate /etc/ssl/certs/9-rui.crt;
	ssl_certificate_key /etc/ssl/private/9-rui.key;	

	
# 对外发布https服务，代理esxi的https服务，存在证书和信任问题	
 server {
 listen 443 ssl;
 server_name 10.200.108.91; 
 location / { 
    proxy_pass              https://$arg_name;
    proxy_http_version      1.1;
    proxy_set_header        Upgrade $http_upgrade;
    proxy_set_header        Connection "Upgrade";
    proxy_read_timeout      86400;
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-Server $host;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        Authorization "";
    proxy_redirect          off;
}
}

# 对外发布http服务，代理的也是http服务，无证书问题，需要esxi允许http
 server {
 listen 80;
 server_name 10.200.108.91; 
 location / { 
    proxy_pass              http://$arg_name;
    proxy_http_version      1.1;
    proxy_set_header        Upgrade $http_upgrade;
    proxy_set_header        Connection "Upgrade";
    proxy_read_timeout      86400;
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-Server $host;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        Authorization "";
    proxy_redirect          off;
}
}	
	
# 对外发布http服务，代理的是https服务，对外服务无证书问题，连接后端是https，是安全的	
 server {
 listen 8080;
 server_name 10.200.108.91; 
 location / { 
    proxy_pass              https://$arg_name;
    proxy_http_version      1.1;
    proxy_set_header        Upgrade $http_upgrade;
    proxy_set_header        Connection "Upgrade";
    proxy_read_timeout      86400;
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-Server $host;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        Authorization "";
    proxy_redirect          off;
	
}
}		
	
	
# 对外发布http服务，代理的是https服务，对外服务无证书问题，连接后端是https，是安全的	
 server {
 listen 8080;
 server_name 10.200.108.91; 
 location /vhost1/ { # https://nginxserveraddress/vhost1 (will take you here)
    proxy_pass              https://$arg_name;
    proxy_http_version      1.1;
    proxy_set_header        Upgrade $http_upgrade;
    proxy_set_header        Connection "Upgrade";
    proxy_read_timeout      86400;
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-Server $host;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        Authorization "";
    proxy_redirect          off;
	
}
}	
	
	
}

参考：

用nginx做ws代理，并根据url参数选择后台服务器

Nginx配置二级目录/路径 映射不同的反向代理和规避IP+端口访问