在nginx代理背后提供多个docker微服务
我试图弄清楚如何通过docker在单个nginx代理之后动态代理多个微服务。我已经能够用一个应用程序完成它,但我想动态添加微服务。我希望在不重新启动nginx和中断用户的情况下执行此操作 这是可能的,还是应该为每个微服务创建一个配置文件?我在下面提供了一些示例: localhost=简单欢迎页面在nginx代理背后提供多个docker微服务,nginx,docker,proxy,Nginx,Docker,Proxy,我试图弄清楚如何通过docker在单个nginx代理之后动态代理多个微服务。我已经能够用一个应用程序完成它,但我想动态添加微服务。我希望在不重新启动nginx和中断用户的情况下执行此操作 这是可能的,还是应该为每个微服务创建一个配置文件?我在下面提供了一些示例: localhost=简单欢迎页面 localhost/service1=microservice localhost/service2=microservice localhost/serviceN=microservice docke
localhost/service1=microservice
localhost/service2=microservice
localhost/serviceN=microservice
docker-compose.yml --- version: '2' services: app: build: app microservice1: image: registry.local:4567/microservice1:latest microservice2: image: registry.local:4567/microservice2:latest proxy: build: proxy ports: - "80:80"
在
/etc/nginx/sites available/
中为每个微服务配置文件,并在/etc/nginx/sites enabled/
示例proxy.conf,用于将app/microservice1/microservice2作为$MICRO_服务放置的每个位置
upstream REPLACEME_SERVICENAME {
server $MICRO_SERVICE:PORT fail_timeout=0;
}
server {
listen 80;
server_name REPLACEME_SITENAME.REPLACEME_DOMAIN;
proxy_pass http://REPLACEME_SERVICENAME;
}
强制SSL:
upstream REPLACEME_SITENAME.REPLACEME_DOMAIN {
server $MICRO_SERVICE fail_timeout=0;
}
server {
# We only redirect from port 80 to 443
# to enforce encryption
listen 80;
server_name REPLACEME_SITENAME.REPLACEME_DOMAIN;
return 301 https://REPLACEME_SITENAME.REPLACEME_DOMAIN$request_uri;
}
server {
listen 443 ssl http2;
server_name REPLACEME_SITENAME.REPLACEME_DOMAIN;
# If you require basic auth you can use these lines as an example
#auth_basic "Restricted!";
#auth_basic_user_file /etc/nginx/private/httplock;
# SSL
ssl_certificate /etc/letsencrypt/live/REPLACEME_SITENAME.REPLACEME_DOMAIN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/REPLACEME_SITENAME.REPLACEME_DOMAIN/privkey.pem;
proxy_connect_timeout 75s;
proxy_send_timeout 75s;
proxy_read_timeout 75s;
proxy_http_version 1.1;
send_timeout 75s;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH";
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $remote_addr;
proxy_pass http://REPLACEME_SITENAME.REPLACEME_DOMAIN;
}
}
我也有一个回购协议,我在我的衣柜里为树莓建立了一个小小的nginx服务,为我房子里的所有东西提供WAN服务:
还有一个Makefile可以帮助创建新的服务。我也面临同样的问题,我在烧瓶中有微服务,我必须将它们部署在单个EC2实例中作为暂存环境 我的目录结构如下:
SampleProject
|\_microservices
||\
|| \_A
|| |-docker-compose.yml
|| |-Dockerfile
| \
| \_B
| |-docker-compose.yml
| |-Dockerfile
|
|
|\_docker
| \_web
| |-Dockerfile
| |_nginx
| |-nginx.conf
|
|-docker-compose.yml(Nginx)
对于Nginx而言,docker compose.yml
如下所示:
version: '3.7'
services:
web:
build:
context: .
dockerfile: ./docker/web/Dockerfile
ports:
- "80:80"
networks:
default:
external:
name: microservices
upstream files_to_text {
server microserviceA:5000;
}
upstream text_cleaning {
server microserviceB:5050;
}
server {
listen 80;
location /microserviceA {
proxy_pass http://files_to_text;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
}
location /microserviceB {
proxy_pass http://text_cleaning;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
}
}
而Nginx的配置如下所示:
version: '3.7'
services:
web:
build:
context: .
dockerfile: ./docker/web/Dockerfile
ports:
- "80:80"
networks:
default:
external:
name: microservices
upstream files_to_text {
server microserviceA:5000;
}
upstream text_cleaning {
server microserviceB:5050;
}
server {
listen 80;
location /microserviceA {
proxy_pass http://files_to_text;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
}
location /microserviceB {
proxy_pass http://text_cleaning;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
}
}
为了实施SSL,我使用了AWS证书管理器和应用程序负载平衡器。
有3个步骤:
我没有试过这个,但它可能适合你的需要:我试过了,它应该适合他的需要