Nginx结合腾讯云CLB完成请求头Host重写
需求背景 1.常规情况是访问A域名时对外展示域名信息不变,内容却是B域名的,大部分在多版本发布切换时才有这种的需求 2.非常规情况是临时过渡或者域名更换时遗留访问导向 3.使用的是腾讯云clb做负载均衡暂不支持自定义请求header头
想要的效果 访问http或https://xxx.domainold.com时实际上是访问http或https://xxx.domainnew.xom的内容
解决方案 该方案只支持未过CDN的域名,因为过了CDN域名前端访问控制权在腾讯云手中,不可以自定义nginx拦截流量。
架构变更 原架构:Client--七层Clb--CVM 新架构:Client--四层Clb--Nginx--七层Clb--CVM
具体配置 需要通过修改header头加反向代理方式实现可行,配置如下:
server {
listen 80;
listen 443 ssl;
server_name jumpserver.domainold.com;
ssl_certificate ssl/domainold.com.crt;
ssl_certificate_key ssl/domainold.com.key;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!DHE:3DES;"
ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 60m;
location / {
proxy_pass http://158.8.188.188:80;
proxy_set_header Host jumpserver.domainnew.com;
}
access_log logs/jumpserver.log main;
}备注:由于cname只改变路由且腾讯云clb不支持修改header头,所以需要新增一层nginx自定义重写header请求头中host值。jumpserver.domainold.com解析到nginx,其中158.8.188.188为7层clb负载对应的是domainnew.com域名。
访问验证 1.nginx访问日志
108.38.55.198 - - [13/Jul/2020:18:56:28 +0800] "GET /static/js/plugins/echarts/chart/pie.js HTTP/1.1" 200 12159 "https://jumpserver.domainold.com/" jumpserver.domainold.com "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36" "-"2.clb访问日志
{"request":"GET /static/js/plugins/echarts/chart/pie.js HTTP/1.0","server_name":"jumpserver.domainnew.com","stgw_engine_connect_time":"-","upstream_addr":"10.2.8.35:80","upstream_header_time":"0.003","connection_requests":"1","ssl_cipher":"-","stgw_engine_response_time":"-","stgw_request_id":"186f546bcc8484a5b7ab1855afef4ff8","http_host":"jumpserver.domainnew.com","http_user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36","upstream_status":"200","vip_vpcid":-1,"request_time":"0.003","via_stgw_engine":"-","proxy_host":"661564","vsvc_id":"530789","connection":"30345865319","tcpinfo_rtt":"11000","ssl_protocol":"-","remote_addr":"118.89.230.123","remote_port":"54234","time_local":"13/Jul/2020:18:56:28 +0800","bytes_sent":"12408","server_addr":"154.8.188.184","protocol_type":"http","ssl_handshake_time":"-","upstream_connect_time":"0.002","request_length":"574","http_referer":"https://jumpserver.domainold.com/","ssl_session_reused":"-","server_port":"1072","upstream_response_time":"0.003","status":200,"__TOPIC__":"clb_api","__SOURCE__":"100.98.178.58","__FILENAME__":"access.log"}可以发现域名变化了, 原因访问domainold.com的请求变成了访问domainnew.com的请求了。
本文参与 腾讯云自媒体分享计划,分享自作者个人站点/博客。
原始发表:2020-07-14 ,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读