Skip to content
Projects
Groups
Snippets
Help
Loading...
Sign in
Toggle navigation
J
jumpserver
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
ops
jumpserver
Commits
739fc00e
Unverified
Commit
739fc00e
authored
Jul 13, 2018
by
wojiushixiaobai
Committed by
GitHub
Jul 13, 2018
Browse files
Options
Browse Files
Download
Plain Diff
Merge pull request #1528 from wojiushixiaobai/docs
[Update]
parents
4311d2d3
10375d8b
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
50 additions
and
27 deletions
+50
-27
distributed_02.rst
docs/distributed_02.rst
+50
-27
No files found.
docs/distributed_02.rst
View file @
739fc00e
...
@@ -25,6 +25,7 @@
...
@@ -25,6 +25,7 @@
# 设置防火墙,开发 80 端口
# 设置防火墙,开发 80 端口
$ firewall-cmd --zone=public --add-port=80/tcp --permanent
$ firewall-cmd --zone=public --add-port=80/tcp --permanent
$ firewall-cmd --zone=public --add-port=443/tcp --permanent
$ firewall-cmd --reload
$ firewall-cmd --reload
# 设置 http 访问权限
# 设置 http 访问权限
...
@@ -79,7 +80,17 @@
...
@@ -79,7 +80,17 @@
access_log /var/log/nginx/tcp-access.log proxy;
access_log /var/log/nginx/tcp-access.log proxy;
open_log_file_cache off;
open_log_file_cache off;
include /etc/nginx/conf.d/*.stream;
upstream cocossh {
server 192.168.100.12:2222;
# server ip:port max_fails=1 fail_timeout=120s;
# 这里是 coco ssh 的后端ip ,max_fails=1 fail_timeout=120s 是 HA 参数
}
server {
listen 2222;
proxy_pass cocossh;
proxy_connect_timeout 10s;
proxy_timeout 24h; #代理超时
}
}
}
http {
http {
...
@@ -93,14 +104,14 @@
...
@@ -93,14 +104,14 @@
access_log /var/log/nginx/access.log main;
access_log /var/log/nginx/access.log main;
sendfile on;
sendfile on;
#tcp_nopush on;
#
tcp_nopush on;
keepalive_timeout 65;
keepalive_timeout 65;
#关闭版本显示
#
关闭版本显示
server_tokens off;
server_tokens off;
#gzip 压缩传输
#
gzip 压缩传输
gzip on;
gzip on;
gzip_min_length 1k;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_buffers 4 16k;
...
@@ -109,7 +120,7 @@
...
@@ -109,7 +120,7 @@
gzip_types text/plain application/x-javascripttext/css application/xml;
gzip_types text/plain application/x-javascripttext/css application/xml;
gzip_vary on;
gzip_vary on;
#
配置代理参数
#
配置代理参数,如果不使用可以直接注释
proxy_redirect off;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
...
@@ -119,7 +130,7 @@
...
@@ -119,7 +130,7 @@
proxy_send_timeout 90;
proxy_send_timeout 90;
proxy_buffer_size 4k;
proxy_buffer_size 4k;
#
缓存配置
#
缓存配置,如果不使用可以直接注释
proxy_temp_file_write_size 264k;
proxy_temp_file_write_size 264k;
proxy_temp_path /var/cache/nginx/nginx_temp;
proxy_temp_path /var/cache/nginx/nginx_temp;
proxy_cache_path /var/cache/nginx/nginx_cache levels=1:2 keys_zone=cache_one:200m inactive=5d max_size=400m;
proxy_cache_path /var/cache/nginx/nginx_cache levels=1:2 keys_zone=cache_one:200m inactive=5d max_size=400m;
...
@@ -130,6 +141,9 @@
...
@@ -130,6 +141,9 @@
::
::
# 备份默认的配置文件
$ mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.bak
$ vim /etc/nginx/conf.d/jumpserver.conf
$ vim /etc/nginx/conf.d/jumpserver.conf
upstream jumpserver {
upstream jumpserver {
...
@@ -152,13 +166,38 @@
...
@@ -152,13 +166,38 @@
server {
server {
listen 80;
listen 80;
server_name www.jumpserver.org; # 自行修改成你的域名
return https://www.jumpserver.org$request_uri;
}
proxy_set_header X-Real-IP $remote_addr;
server {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# 推荐使用 https 访问,如果不使用 https 请自行注释下面的选项
listen 443;
server_name www.jumpserver.org; # 自行修改成你的域名
ssl on;
ssl_certificate /etc/nginx/sslkey/1_jumpserver.org_bundle.crt; # 自行设置证书
ssl_certificate_key /etc/nginx/sslkey/2_jumpserver.org.key; # 自行设置证书
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
# 缓存设置,可以自行修改,如果不使用可以直接注释
location ~ .*\.(gz|woff2|htm|html|gif|jpg|jpeg|png|bmp|ico|xls|css|js)$ {
proxy_cache cache_one;
proxy_cache_valid 200 304 302 2d;
proxy_cache_valid any 1d;
# 以域名、URI、参数组合成Web缓存的Key值,Nginx根据Key值哈希,存储缓存内容到二级缓存目录内
proxy_cache_key $host$uri$is_args$args;
add_header X-Cache '$upstream_cache_status from $host';
proxy_pass http://59.172.105.130:78;
expires 30d;
access_log off;
location / {
location / {
proxy_pass http://jumpserver; # jumpserver
proxy_pass http://jumpserver; # jumpserver
# proxy_next_upstream http_500 http_502 http_503 http_504 http_404;
}
}
location /luna/ {
location /luna/ {
...
@@ -172,6 +211,7 @@
...
@@ -172,6 +211,7 @@
proxy_http_version 1.1;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Connection "upgrade";
# proxy_next_upstream http_500 http_502 http_503 http_504 http_404;
}
}
location /guacamole/ {
location /guacamole/ {
...
@@ -183,24 +223,7 @@
...
@@ -183,24 +223,7 @@
proxy_set_header Connection $http_connection;
proxy_set_header Connection $http_connection;
access_log off;
access_log off;
client_max_body_size 100m; # Windows 文件上传大小限制
client_max_body_size 100m; # Windows 文件上传大小限制
}
# proxy_next_upstream http_500 http_502 http_503 http_504 http_404;
}
::
$ vim /etc/nginx/conf.d/coco.stream
stream {
upstream cocossh {
server 192.168.100.12:2222;
# server ip:port max_fails=1 fail_timeout=120s;
# 这里是 coco ssh 的后端ip ,max_fails=1 fail_timeout=120s 是 HA 参数
}
server {
listen 2222;
proxy_pass cocossh;
proxy_connect_timeout 10s;
proxy_timeout 24h; #代理超时
}
}
}
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment