Merge pull request #1568 from wojiushixiaobai/docs

[Fix]修正nginx代理参数

docs/distributed_02.rst

@@ -81,7 +81,7 @@
         open_log_file_cache off;
 
         upstream cocossh {
-            server 192.168.100.12:2222;
+            server 192.168.100.12:2222 max_fails=1 fail_timeout=120s;
             # server ip:port max_fails=1 fail_timeout=120s;
             # 这里是 coco ssh 的后端ip ，max_fails=1 fail_timeout=120s 是 HA 参数
         }
@@ -111,31 +111,6 @@
         # 关闭版本显示
         server_tokens off;
 
-        # gzip 压缩传输
-        gzip on;
-        gzip_min_length 1k;
-        gzip_buffers    4 16k;
-        gzip_http_version 1.0;
-        gzip_comp_level 2;
-        gzip_types text/plain application/x-javascripttext/css application/xml;
-        gzip_vary on;
-
-        # 配置代理参数，如果不使用可以直接注释
-        proxy_redirect off;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_connect_timeout 90;
-        proxy_read_timeout 90;
-        proxy_send_timeout 90;
-        proxy_buffer_size 4k;
-
-        # 缓存配置，如果不使用可以直接注释
-        proxy_temp_file_write_size 256k;
-        proxy_temp_path /var/cache/nginx/nginx_temp;
-        proxy_cache_path /var/cache/nginx/nginx_cache levels=1:2 keys_zone=cache_one:200m inactive=5d max_size=400m;
-        proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
-
         include /etc/nginx/conf.d/*.conf;
     }
 
@@ -183,20 +158,12 @@
         ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
         ssl_prefer_server_ciphers on;
 
-        # 缓存设置，可以自行修改，如果不使用可以直接注释
-        location ~ .*\.(gz|woff2|htm|html|gif|jpg|jpeg|png|bmp|ico|xls|css|js)$ {
-                proxy_cache cache_one;
-                proxy_cache_valid 200 304 302 2d;
-                proxy_cache_valid any 1d;
-                # 以域名、URI、参数组合成Web缓存的Key值，Nginx根据Key值哈希，存储缓存内容到二级缓存目录内
-                proxy_cache_key $host$uri$is_args$args;
-                add_header X-Cache '$upstream_cache_status from $host';
-                proxy_pass http://jumpserver;
-                expires 30d;
-                access_log off;
-
         location / {
             proxy_pass http://jumpserver;  # jumpserver
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header Host $host;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            access_log off;
             # proxy_next_upstream http_500 http_502 http_503 http_504 http_404;
         }
 
@@ -211,6 +178,10 @@
             proxy_http_version 1.1;
             proxy_set_header Upgrade $http_upgrade;
             proxy_set_header Connection "upgrade";
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header Host $host;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            access_log off;
             # proxy_next_upstream http_500 http_502 http_503 http_504 http_404;
         }
 
@@ -218,9 +189,11 @@
             proxy_pass       http://guacamole/;  #  guacamole
             proxy_buffering off;
             proxy_http_version 1.1;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_set_header Upgrade $http_upgrade;
             proxy_set_header Connection $http_connection;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header Host $host;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             access_log off;
             client_max_body_size 100m;  # Windows 文件上传大小限制
             # proxy_next_upstream http_500 http_502 http_503 http_504 http_404;

docs/distributed_04.rst

@@ -166,10 +166,6 @@
     server {
         listen 80;
 
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
         location /media/ {
             add_header Content-Encoding gzip;
             root /opt/jumpserver/data/;  # 录像位置，如果修改安装目录，此处需要修改
@@ -181,6 +177,9 @@
 
         location / {
             proxy_pass http://localhost:8080;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header Host $host;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         }
     }
 

docs/faq.rst

@@ -198,19 +198,33 @@ FAQ
         location / {
                 # 这里的IP是后端服务器的IP，后端服务器就是文档一步一步安装来的
                 proxy_pass http://192.168.244.144;
-                proxy_redirect      default;
-                proxy_set_header    Host             $host;
-                proxy_set_header    X-Real-IP        $remote_addr;
-                proxy_set_header    X-Forwarded-For  $proxy_add_x_forwarded_for;
-                proxy_set_header    HTTP_X_FORWARDED_FOR $remote_addr;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header Host $host;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                 proxy_read_timeout 150;
         }
-        # 新增下面这一段
+
+        # 新增下面内容
         location /socket.io/ {
                 proxy_pass http://192.168.244.144/socket.io/;
                 proxy_buffering off;
                 proxy_http_version 1.1;
                 proxy_set_header Upgrade $http_upgrade;
                 proxy_set_header Connection "upgrade";
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header Host $host;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+
+        location /guacamole/ {
+                proxy_pass       http://192.168.244.144/guacamole/;
+                proxy_buffering off;
+                proxy_http_version 1.1;
+                proxy_set_header Upgrade $http_upgrade;
+                proxy_set_header Connection $http_connection;
+                client_max_body_size 100m;  # Windows 文件上传大小限制
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header Host $host;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         }
     }

docs/setup_by_centos7.rst

@@ -341,21 +341,30 @@ CentOS 7 安装文档
             proxy_http_version 1.1;
             proxy_set_header Upgrade $http_upgrade;
             proxy_set_header Connection "upgrade";
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header Host $host;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            access_log off;
         }
 
         location /guacamole/ {
             proxy_pass       http://localhost:8081/;  # 如果docker安装在别的服务器, 请填写它的ip
             proxy_buffering off;
             proxy_http_version 1.1;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_set_header Upgrade $http_upgrade;
             proxy_set_header Connection $http_connection;
-            access_log off;
             client_max_body_size 100m;  # Windows 文件上传大小限制
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header Host $host;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            access_log off;
         }
 
         location / {
             proxy_pass http://localhost:8080;  # 如果jumpserver安装在别的服务器, 请填写它的ip
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header Host $host;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         }
     }
 

docs/setup_by_ubuntu.rst

@@ -420,9 +420,6 @@ Luna 已改为纯前端，需要 Nginx 来运行访问
         server_name _;
 
         ## 新增如下内容，以上内容是原文内容，请从这一行开始复制
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 
         location /luna/ {
             try_files $uri / /index.html;
@@ -439,26 +436,35 @@ Luna 已改为纯前端，需要 Nginx 来运行访问
         }
 
         location /socket.io/ {
-            proxy_pass       http://localhost:5000/socket.io/;
+            proxy_pass       http://localhost:5000/socket.io/; # 如果coco安装在别的服务器，请填写它的ip
             proxy_buffering off;
             proxy_http_version 1.1;
             proxy_set_header Upgrade $http_upgrade;
             proxy_set_header Connection "upgrade";
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header Host $host;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            access_log off;
         }
 
         location /guacamole/ {
             proxy_pass       http://localhost:8081/;  # 如果guacamole安装在别的服务器，请填写它的ip
             proxy_buffering off;
             proxy_http_version 1.1;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_set_header Upgrade $http_upgrade;
             proxy_set_header Connection $http_connection;
             access_log off;
             client_max_body_size 100m;  # Windows 文件上传大小限制
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header Host $host;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         }
 
         location / {
             proxy_pass http://localhost:8080;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header Host $host;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         }
         ## 到此结束，请不要继续复制了
 

docs/step_by_step.rst

@@ -467,10 +467,6 @@ Jumpserver 会话管理-终端管理（http://192.168.244.144:8080/terminal/term
     server {
         listen 80;  # 代理端口，以后将通过此端口进行访问，不再通过8080端口
 
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
         location /luna/ {
             try_files $uri / /index.html;
             alias /opt/luna/;  # luna 路径，如果修改安装目录，此处需要修改
@@ -491,21 +487,30 @@ Jumpserver 会话管理-终端管理（http://192.168.244.144:8080/terminal/term
             proxy_http_version 1.1;
             proxy_set_header Upgrade $http_upgrade;
             proxy_set_header Connection "upgrade";
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header Host $host;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            access_log off;
         }
 
         location /guacamole/ {
             proxy_pass       http://localhost:8081/;  # 如果guacamole安装在别的服务器，请填写它的ip
             proxy_buffering off;
             proxy_http_version 1.1;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_set_header Upgrade $http_upgrade;
             proxy_set_header Connection $http_connection;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header Host $host;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             access_log off;
             client_max_body_size 100m;  # Windows 文件上传大小限制
         }
 
         location / {
             proxy_pass http://localhost:8080;  # 如果jumpserver安装在别的服务器，请填写它的ip
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header Host $host;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         }
     }