Skip to content

J
jumpserver
Unverified Commit 64c61c6d authored by wojiushixiaobai's avatar wojiushixiaobai Committed by GitHub
Browse files
Options

Merge pull request #1568 from wojiushixiaobai/docs 

[Fix]修正nginx代理参数
parents 9c449090 90552aba
Hide whitespace changes
Inline Side-by-side
Showing with 67 additions and 61 deletions
docs/distributed_02.rst
View file @ 64c61c6d
......@@ -81,7 +81,7 @@
open_log_file_cache off;
upstream cocossh {
server 192.168.100.12:2222;
server 192.168.100.12:2222 max_fails=1 fail_timeout=120s;
# server ip:port max_fails=1 fail_timeout=120s;
# 这里是 coco ssh 的后端ip ,max_fails=1 fail_timeout=120s 是 HA 参数
}
......@@ -111,31 +111,6 @@
# 关闭版本显示
server_tokens off;
# gzip 压缩传输
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascripttext/css application/xml;
gzip_vary on;
# 配置代理参数,如果不使用可以直接注释
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 90;
proxy_read_timeout 90;
proxy_send_timeout 90;
proxy_buffer_size 4k;
# 缓存配置,如果不使用可以直接注释
proxy_temp_file_write_size 256k;
proxy_temp_path /var/cache/nginx/nginx_temp;
proxy_cache_path /var/cache/nginx/nginx_cache levels=1:2 keys_zone=cache_one:200m inactive=5d max_size=400m;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
include /etc/nginx/conf.d/*.conf;
}
......@@ -183,20 +158,12 @@
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
# 缓存设置,可以自行修改,如果不使用可以直接注释
location ~ .*\.(gz|woff2|htm|html|gif|jpg|jpeg|png|bmp|ico|xls|css|js)$ {
proxy_cache cache_one;
proxy_cache_valid 200 304 302 2d;
proxy_cache_valid any 1d;
# 以域名、URI、参数组合成Web缓存的Key值,Nginx根据Key值哈希,存储缓存内容到二级缓存目录内
proxy_cache_key $host$uri$is_args$args;
add_header X-Cache '$upstream_cache_status from $host';
proxy_pass http://jumpserver;
expires 30d;
access_log off;
location / {
proxy_pass http://jumpserver; # jumpserver
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
# proxy_next_upstream http_500 http_502 http_503 http_504 http_404;
}
......@@ -211,6 +178,10 @@
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
# proxy_next_upstream http_500 http_502 http_503 http_504 http_404;
}
......@@ -218,9 +189,11 @@
proxy_pass http://guacamole/; # guacamole
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
client_max_body_size 100m; # Windows 文件上传大小限制
# proxy_next_upstream http_500 http_502 http_503 http_504 http_404;
......
docs/distributed_04.rst
View file @ 64c61c6d
......@@ -166,10 +166,6 @@
server {
listen 80;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location /media/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/; # 录像位置,如果修改安装目录,此处需要修改
......@@ -181,6 +177,9 @@
location / {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
......
docs/faq.rst
View file @ 64c61c6d
......@@ -198,19 +198,33 @@ FAQ
location / {
# 这里的IP是后端服务器的IP,后端服务器就是文档一步一步安装来的
proxy_pass http://192.168.244.144;
proxy_redirect default;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header HTTP_X_FORWARDED_FOR $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 150;
}
# 新增下面这一段
# 新增下面内容
location /socket.io/ {
proxy_pass http://192.168.244.144/socket.io/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /guacamole/ {
proxy_pass http://192.168.244.144/guacamole/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
client_max_body_size 100m; # Windows 文件上传大小限制
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
docs/setup_by_centos7.rst
View file @ 64c61c6d
......@@ -341,21 +341,30 @@ CentOS 7 安装文档
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location /guacamole/ {
proxy_pass http://localhost:8081/; # 如果docker安装在别的服务器, 请填写它的ip
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
access_log off;
client_max_body_size 100m; # Windows 文件上传大小限制
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location / {
proxy_pass http://localhost:8080; # 如果jumpserver安装在别的服务器, 请填写它的ip
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
......
docs/setup_by_ubuntu.rst
View file @ 64c61c6d
......@@ -420,9 +420,6 @@ Luna 已改为纯前端,需要 Nginx 来运行访问
server_name _;
## 新增如下内容,以上内容是原文内容,请从这一行开始复制
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location /luna/ {
try_files $uri / /index.html;
......@@ -439,26 +436,35 @@ Luna 已改为纯前端,需要 Nginx 来运行访问
}
location /socket.io/ {
proxy_pass http://localhost:5000/socket.io/;
proxy_pass http://localhost:5000/socket.io/; # 如果coco安装在别的服务器,请填写它的ip
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location /guacamole/ {
proxy_pass http://localhost:8081/; # 如果guacamole安装在别的服务器,请填写它的ip
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
access_log off;
client_max_body_size 100m; # Windows 文件上传大小限制
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location / {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
## 到此结束,请不要继续复制了
......
docs/step_by_step.rst
View file @ 64c61c6d
......@@ -467,10 +467,6 @@ Jumpserver 会话管理-终端管理(http://192.168.244.144:8080/terminal/term
server {
listen 80; # 代理端口,以后将通过此端口进行访问,不再通过8080端口
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location /luna/ {
try_files $uri / /index.html;
alias /opt/luna/; # luna 路径,如果修改安装目录,此处需要修改
......@@ -491,21 +487,30 @@ Jumpserver 会话管理-终端管理(http://192.168.244.144:8080/terminal/term
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location /guacamole/ {
proxy_pass http://localhost:8081/; # 如果guacamole安装在别的服务器,请填写它的ip
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
client_max_body_size 100m; # Windows 文件上传大小限制
}
location / {
proxy_pass http://localhost:8080; # 如果jumpserver安装在别的服务器,请填写它的ip
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment