Nginx 代理配置


ws 代理报错处理

nginx: [emerg] unknown "connection_upgrade" variable

# Add the following inside the http{} section of nginx.conf. It defines the
# $connection_upgrade variable whose absence causes the [emerg] error above.
#http {
    # Derive the outgoing Connection header from the client's Upgrade header:
    # an empty or missing Upgrade header maps to "close", anything else to
    # "upgrade".
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }
#}

kibana http代理

cat act.conf 
# Backend for the WebSocket-capable proxy below. After 3 failed attempts
# within 10s the server is considered unavailable for 10s.
upstream act19091 {
    server 10.200.77.41:19091 max_fails=3 fail_timeout=10s;
}

server {
    listen                 19091;
    server_name            act.fungaming.me;
    # NOTE(review): the certificate lines are commented out and the listener
    # has no "ssl" flag, so this vhost and any WebSocket it upgrades run in
    # cleartext (ws://, not wss://).
    #ssl_certificate        ssl/fungaming.me.crt;
    #ssl_certificate_key    ssl/fungaming.me.key;
    # The contents of vhost/error.txt are not shown on this page.
    include                vhost/error.txt;
    error_log              /home/wwwlogs/act.error.log;
    # "main" has to be a log_format defined in the http{} context.
    access_log             /home/logs/act.fungaming.me.log main;

    location /             {
        proxy_pass         http://act19091;
        # HTTP/1.1 plus the Upgrade/Connection header pair is what lets a
        # WebSocket handshake pass through the proxy.
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        # $connection_upgrade comes from a map{} in http{}; without that map
        # nginx refuses to start with 'unknown "connection_upgrade" variable'.
        proxy_set_header   Connection $connection_upgrade;
    }
}

# Reverse proxy that puts HTTP Basic authentication in front of the backend
# on 10.200.77.41:5601 (Kibana, per the section heading).
server {
    # NOTE(review): port 80 only - the Basic-auth credentials and everything
    # proxied are sent unencrypted on every request. A TLS listener is needed
    # to protect them in transit.
    listen 80;
    server_name ana.fungaming.me;

    # proxy_set_header is inherited only by locations that define none of
    # their own. "location /" below defines several, so this line has no
    # effect on the requests it proxies.
    proxy_set_header X-Forwarded-For $remote_addr;

    location / {
         # The quoted string is the realm shown in the browser's login prompt.
         auth_basic "FunGaming WARNING";
         # NOTE(review): keep this file outside any served directory and
         # readable only by the nginx user; the hash scheme used inside it is
         # not visible from this page.
         auth_basic_user_file /usr/local/nginx/passwd.db;
         proxy_pass         http://10.200.77.41:5601;
         proxy_set_header   Host $host;
         proxy_set_header   X-Real-IP $remote_addr;
         # $proxy_add_x_forwarded_for appends $remote_addr to whatever
         # X-Forwarded-For the client sent, so the left-most entries are
         # client-controlled. X-Real-IP carries the address nginx itself saw.
         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header   X-Forwarded-Host $server_name;
         proxy_read_timeout  1200s;

         access_log      /var/log/nginx/ana.access.log;
         error_log       /var/log/nginx/ana.error.log;
    }
}

http代理(seafile)

# Plain-HTTP reverse proxy for Seafile: "/" goes to 127.0.0.1:8000,
# "/seafhttp" to 127.0.0.1:8082, and "/media" is served from disk.
# NOTE(review): there is no TLS on this vhost, so logins and file contents
# cross the network unencrypted.
server {
    listen 80;
    server_name seafile.example.com;

    # Inherited only by locations with no proxy_set_header of their own:
    # it applies to /seafhttp below, but not to "location /", which defines
    # its own set.
    proxy_set_header X-Forwarded-For $remote_addr;

    location / {
         proxy_pass         http://127.0.0.1:8000;
         proxy_set_header   Host $host;
         proxy_set_header   X-Real-IP $remote_addr;
         # Appends $remote_addr to any X-Forwarded-For the client supplied;
         # the left-most entries are therefore client-controlled.
         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header   X-Forwarded-Host $server_name;
         proxy_read_timeout  1200s;

         # used for view/edit office file via Office Online Server
         # 0 disables nginx's request-body size check entirely; any upload
         # limit then has to come from the upstream application.
         client_max_body_size 0;

         access_log      /var/log/nginx/seahub.access.log;
         error_log       /var/log/nginx/seahub.error.log;
    }

# If you are using [FastCGI](http://en.wikipedia.org/wiki/FastCGI),
# which is not recommended, you should use the following config for location `/`.
#
#    location / {
#         fastcgi_pass    127.0.0.1:8000;
#         fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
#         fastcgi_param   PATH_INFO           $fastcgi_script_name;
#
#         fastcgi_param     SERVER_PROTOCOL     $server_protocol;
#         fastcgi_param   QUERY_STRING        $query_string;
#         fastcgi_param   REQUEST_METHOD      $request_method;
#         fastcgi_param   CONTENT_TYPE        $content_type;
#         fastcgi_param   CONTENT_LENGTH      $content_length;
#         fastcgi_param     SERVER_ADDR         $server_addr;
#         fastcgi_param     SERVER_PORT         $server_port;
#         fastcgi_param     SERVER_NAME         $server_name;
#         fastcgi_param   REMOTE_ADDR         $remote_addr;
#          fastcgi_read_timeout 36000;
#
#         client_max_body_size 0;
#
#         access_log      /var/log/nginx/seahub.access.log;
#          error_log       /var/log/nginx/seahub.error.log;
#    }

    location /seafhttp {
        # Strip the /seafhttp prefix before handing the request to the
        # upstream on port 8082.
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        # No body-size limit on this path either.
        client_max_body_size 0;

        # 36000s = 10 hours. NOTE(review): combined with the unlimited body
        # size, a slow client can hold a connection open for a very long time.
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_send_timeout  36000s;

        send_timeout  36000s;
    }
    location /media {
        # Served straight from the filesystem; nothing is proxied here.
        root /home/user/haiwen/seafile-server-latest/seahub;
    }
}
Nginx 默认设置 "client_max_body_size" 为 1M。如果上传文件大于这个值的话,会报错,相关 HTTP 状态码为 413 ("Request Entity Too Large")。你可以将值设为 0 以禁用此限制;注意这样 Nginx 将不再检查请求体大小,上传大小只能由上游服务来约束。
如果要上传大于 4GB 的文件,默认情况下 Nginx 会把整个文件存在一个临时文件中,然后发给上游服务器 (seaf-server),这样容易出错。使用 1.8.0 以上版本同时在 Nginx 配置文件中设置以下内容能解决这个问题:
location /seafhttp {
... ...
# Pass the request body to the upstream as it arrives instead of first
# spooling the whole upload into a temporary file.
proxy_request_buffering off;
}

https代理(seafile)

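# Plain-HTTP listener whose only job is to send every request to HTTPS.
server {
    listen       80;
    server_name  seafile.example.com;
    # Force HTTP to HTTPS. The redirect target is built from the configured
    # server_name rather than the client-supplied Host header ($http_host),
    # so a forged Host value cannot steer the Location header to another site.
    return 301 https://$server_name$request_uri;
    server_tokens off;
}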
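# HTTPS virtual host for Seafile: terminates TLS, proxies "/" to
# 127.0.0.1:8000 and "/seafhttp" to 127.0.0.1:8082, and serves "/media"
# from disk.
server {
    # "listen ... ssl" replaces the deprecated "ssl on;" directive, which
    # current nginx releases no longer accept.
    listen 443 ssl;
    ssl_certificate /etc/ssl/cacert.pem;        # path to cacert.pem
    ssl_certificate_key /etc/ssl/privkey.pem;    # path to privkey.pem (keep readable by root/nginx only)
    server_name seafile.example.com;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:5m;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    ssl_dhparam /etc/nginx/dhparam.pem;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # Append TLSv1.3 where the installed nginx and OpenSSL support it.
    ssl_protocols TLSv1.2;
    # NOTE(review): this list dates from an older recommendation and still
    # contains CBC/SHA-1, SEED and CAMELLIA suites plus the broad "HIGH"
    # keyword. With server preference on, the GCM suites at the front win for
    # any client that supports them; regenerate the list from the current
    # guidance at https://wiki.mozilla.org/Security/Server_Side_TLS when
    # the oldest clients no longer need to be served.
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS';
    ssl_prefer_server_ciphers on;

    # Inherited only by locations with no proxy_set_header of their own:
    # it applies to /seafhttp below, but not to "location /".
    proxy_set_header X-Forwarded-For $remote_addr;

    # HSTS for one year, including subdomains - every subdomain of this
    # host must then be reachable over HTTPS.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
    server_tokens off;

    location / {
        proxy_pass         http://127.0.0.1:8000;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        # Appends $remote_addr to any X-Forwarded-For the client supplied;
        # the left-most entries are therefore client-controlled.
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host $server_name;
        proxy_set_header   X-Forwarded-Proto https;

        access_log      /var/log/nginx/seahub.access.log;
        error_log       /var/log/nginx/seahub.error.log;

        proxy_read_timeout  1200s;

        # 0 disables nginx's request-body size check; any upload limit then
        # has to come from the upstream application.
        client_max_body_size 0;
    }

# If you use FastCGI, use this configuration for location `/` instead.
#
#    location / {
#        fastcgi_pass    127.0.0.1:8000;
#        fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
#        fastcgi_param   PATH_INFO           $fastcgi_script_name;
#
#        fastcgi_param   SERVER_PROTOCOL     $server_protocol;
#        fastcgi_param   QUERY_STRING        $query_string;
#        fastcgi_param   REQUEST_METHOD      $request_method;
#        fastcgi_param   CONTENT_TYPE        $content_type;
#        fastcgi_param   CONTENT_LENGTH      $content_length;
#        fastcgi_param   SERVER_ADDR         $server_addr;
#        fastcgi_param   SERVER_PORT         $server_port;
#        fastcgi_param   SERVER_NAME         $server_name;
#        fastcgi_param   REMOTE_ADDR         $remote_addr;
#        fastcgi_read_timeout 36000;
#
#        client_max_body_size 0;
#
#        access_log      /var/log/nginx/seahub.access.log;
#        error_log       /var/log/nginx/seahub.error.log;
#    }

    location /seafhttp {
        # Strip the /seafhttp prefix before proxying to port 8082.
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        client_max_body_size 0;
        # 36000s = 10 hours; combined with the unlimited body size, a slow
        # client can hold a connection open for a very long time.
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_send_timeout  36000s;
        send_timeout  36000s;
    }
    location /media {
        # Served straight from the filesystem; nothing is proxied here.
        root /home/user/haiwen/seafile-server-latest/seahub;
    }
}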

TCP代理(rsync)

vi nginx.conf
# Put this at the very top of nginx.conf; not needed if the module is already loaded.
load_module "/usr/lib64/nginx/modules/ngx_stream_module.so"; 

# Put this at the very end of the configuration file (stream{} is a top-level
# context, a sibling of http{}).
stream{
    upstream rsync{
        # Consistent hashing on the client address; with the single server
        # listed here it always selects that server.
        hash $remote_addr consistent;
        server 10.200.124.37:37873;
    }
    server{
        # NOTE(review): there are no allow/deny rules, so anything that can
        # reach port 37873 is relayed to the backend. The backend also sees
        # nginx's address as its peer, so address-based rules on the rsync
        # side (presumably rsyncd "hosts allow") no longer see the real
        # client. Restrict sources here with allow/deny
        # (ngx_stream_access_module) or at the firewall.
        listen 37873;
        proxy_connect_timeout 20s;
        # Close the session after 5 minutes without traffic in either direction.
        proxy_timeout 5m;
        proxy_pass rsync;
    }
}

im riak conf

# Pool of five backends on port 8098 used by the @proxy location below.
upstream riak_hosts {
    server  172.18.119.95:8098;
    server  172.18.119.96:8098;
    server  172.18.119.97:8098;
    server  172.18.119.98:8098;
    server  172.18.119.99:8098;
}

# Upload/download front end: /riak requests are checked through an
# auth_request subrequest to /auth and then proxied to riak_hosts.
server {
    # NOTE(review): ports 80 and 8000 are cleartext while 23000 is TLS, and
    # the same locations (including the token check) are reachable on all
    # three. The contents of sslreq.txt are not shown on this page.
    listen       80;
    listen       8000;
    listen       23000 ssl;
    server_name  upload.mchat.com file.hygtchat.com;
    ssl_certificate        key/1_file.hygtchat.com_bundle.crt;
    ssl_certificate_key    key/2_file.hygtchat.com.key;

    include sslreq.txt;

    # Authorization subrequest target for "auth_request /auth" below.
    location = /auth {
        # Not reachable by clients directly, only via internal redirects
        # and subrequests.
        internal;
        # The request body is not forwarded to the token service.
        # NOTE(review): the usual companion line
        # 'proxy_set_header Content-Length "";' is absent, so the service may
        # receive a Content-Length with no body following it - confirm.
        proxy_pass_request_body     off;
        proxy_set_header X-Original-URI $request_uri;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # NOTE(review): auth_request accepts only 2xx and maps 401/403 to a
        # denial; any other status counts as an error, so this 405
        # presumably surfaces to the client as a 500 - confirm.
        if ($request_method = DELETE) {
            return 405;
        }
        # NOTE(review): a GET is approved right here without consulting the
        # token service, i.e. reads under /riak are unauthenticated. Confirm
        # that public downloads are intended.
        if ($request_method = GET) {
            return 200;
        }
        proxy_pass http://localhost:8083/auth_token;
    }

    error_page 401 = @error401;

    location @error401 {
        # NOTE(review): "return" emits this URL literally; upstream names are
        # not expanded here, so clients are redirected to a host called
        # "riak_hosts" and the internal pool name is disclosed. Probably not
        # the intended target - confirm.
        return 302 http://riak_hosts;
    }

    location /riak {
        # CORS preflight is answered directly, before auth_request runs.
        if ($request_method = OPTIONS) {
            # NOTE(review): browsers reject a wildcard origin combined with
            # Allow-Credentials: true. Echo a vetted origin if credentialed
            # requests are needed; otherwise the credentials header does
            # nothing useful.
            add_header Access-Control-Allow-Origin *;
            add_header Access-Control-Allow-Credentials true;
            add_header Access-Control-Allow-Methods 'GET, PUT, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
            return 200;
        }
        client_max_body_size 10m;
        auth_request /auth;
        # Map /riak/<key> to /riak/test/<key>.
        # NOTE(review): nginx appends the original query string after a
        # replacement that already carries arguments, so "?$args" here
        # presumably duplicates the arguments - confirm.
        rewrite /riak/(.*) /riak/test/$1?$args break;
        # Local files under the server root are tried first; otherwise the
        # request falls through to @proxy.
        try_files $uri $uri/ @proxy;
    }
    location @proxy {
        proxy_set_header  Host $host;
        proxy_set_header  X-Real-IP $remote_addr;
        # NOTE(review): hard-coded "http" even for requests that arrived on
        # the TLS listener (23000).
        proxy_set_header  X-Forwarded-Proto http;
        proxy_set_header  X-Forwarded-For $remote_addr;
        # NOTE(review): X-Forwarded-Host is set to the client's IP address
        # rather than a host name - looks like a copy/paste slip.
        proxy_set_header  X-Forwarded-Host $remote_addr;
        # NOTE(review): this sends a CORS *response* header as a *request*
        # header to the backend; it does not affect what browsers see.
        proxy_set_header  'Access-Control-Allow-Origin' '*';
        # An empty value stops the Referer header from being forwarded.
        proxy_set_header Referer '';
        proxy_pass    http://riak_hosts;
        # NOTE(review): $arg_n is the raw, client-supplied query argument "n",
        # reflected into a response header in both branches; constrain it to
        # a safe filename pattern. Both conditions can match at once (e.g. a
        # user agent containing "Safari" but not "Firefox"), in which case
        # only one if-block's headers are applied, presumably the later one -
        # confirm the intended per-browser behaviour.
        if ($http_user_agent ~* "Firefox|Safari"){
            add_header Access-Control-Allow-Origin *;
            add_header Content-Disposition "attachment; filename*=$arg_n";
        }
        if ($http_user_agent !~* "Firefox"){
            add_header Access-Control-Allow-Origin *;
            add_header Content-Disposition "attachment; filename=$arg_n";
        }
    }

    location / {
        root   html;
        index  index.html index.htm;
        access_log logs/access.log;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }

}

fungaming.com.conf

cat fungaming.com.conf
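# fungaming.com: redirects HTTP to HTTPS, terminates TLS and proxies to the
# application on 127.0.0.1:4000, rewriting absolute http:// links in the
# response body.
server
{
    listen 80;
    listen 443 ssl;
    server_name fungaming.com www.fungaming.com;
    # Requests that arrived over plain HTTP are redirected to HTTPS.
    if ($scheme = 'http') { return 301 https://$host$request_uri; }
    ssl_certificate /etc/nginx/1.pem;
    ssl_certificate_key /etc/nginx/1.key;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # Append TLSv1.3 where the installed nginx and OpenSSL support it.
    ssl_protocols TLSv1.2;
    # NOTE(review): the tail of this list still contains CBC/SHA-1 suites;
    # with server preference on, the GCM suites at the front are chosen for
    # any client that supports them.
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
    ssl_session_cache shared:SSL:10m;
    ssl_prefer_server_ciphers on;

    location /
    {
        proxy_redirect  off;
        # $http_host is the Host header exactly as the client sent it.
        # NOTE(review): the backend should not trust it for building links
        # unless this server block only ever matches the names above.
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends $remote_addr to any X-Forwarded-For the client supplied;
        # the left-most entries are therefore client-controlled.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Scheme $scheme;
        # Ask the backend for an uncompressed body so sub_filter can rewrite it.
        proxy_set_header Accept-Encoding "";
        # NOTE(review): proxy_pass_header controls upstream *response*
        # headers; User-Agent is a request header and is forwarded anyway,
        # so this line has no effect.
        proxy_pass_header User-Agent;
        proxy_pass  http://127.0.0.1:4000;
        #sub_filter_types text/css text/xml;
        # Rewrite every absolute http://<host> link in the body to the
        # scheme of the current request.
        sub_filter http://$host $scheme://$host;
        sub_filter_once off;
    }
}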

wss代理配置(传用户真实IP,带日志)

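# Backend for the wss:// proxy below.
upstream logs19091 {
    server 192.168.220.251:19091;
}

# TLS-terminating WebSocket proxy that forwards the client address to the
# backend and writes access and error logs.
server
{
    listen 19091 ssl;
    server_name logs.blizzmi.net;
    # Name of the upstream group used by proxy_pass below.
    set $proxy_add logs19091;
    # NOTE(review): these are the same log files the act.fungaming.me vhost
    # writes to; this looks copied from that config - confirm the paths.
    # "main" has to be a log_format defined in the http{} context.
    error_log              /home/wwwlogs/act.error.log;
    access_log             /home/logs/act.fungaming.me.log main;
    ssl_certificate /etc/nginx/1.crt;
    ssl_certificate_key /etc/nginx/1.key;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # Append TLSv1.3 where the installed nginx and OpenSSL support it.
    ssl_protocols TLSv1.2;
    # NOTE(review): the tail of this list still contains CBC/SHA-1 suites;
    # with server preference on, the GCM suites at the front are chosen for
    # any client that supports them.
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
    ssl_session_cache shared:SSL:10m;
    ssl_prefer_server_ciphers on;

    location /
    {
        proxy_redirect  off;
        # $http_host is the Host header exactly as the client sent it.
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
        # X-Real-IP is the address nginx itself observed. X-Forwarded-For
        # additionally keeps whatever the client sent, so only its last
        # entry is trustworthy to the backend.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header Accept-Encoding "";
        # NOTE(review): proxy_pass_header controls upstream *response*
        # headers; User-Agent is a request header and is forwarded anyway,
        # so this line has no effect.
        proxy_pass_header User-Agent;
        # The variable resolves to the upstream group "logs19091" above.
        proxy_pass  http://$proxy_add;
        # HTTP/1.1 plus Upgrade/Connection lets the WebSocket handshake
        # through. Connection is hard-coded to "Upgrade" here, so it is sent
        # even for requests that carry no Upgrade header; a map-derived
        # $connection_upgrade would avoid that, but needs the map{} in http{}.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }

}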