Unverified Commit 739fc00e authored by wojiushixiaobai's avatar wojiushixiaobai Committed by GitHub

Merge pull request #1528 from wojiushixiaobai/docs

[Update]
parents 4311d2d3 10375d8b
......@@ -25,6 +25,7 @@
# 设置防火墙,开发 80 端口
$ firewall-cmd --zone=public --add-port=80/tcp --permanent
$ firewall-cmd --zone=public --add-port=443/tcp --permanent
$ firewall-cmd --reload
# 设置 http 访问权限
......@@ -79,7 +80,17 @@
access_log /var/log/nginx/tcp-access.log proxy;
open_log_file_cache off;
include /etc/nginx/conf.d/*.stream;
upstream cocossh {
server 192.168.100.12:2222;
# server ip:port max_fails=1 fail_timeout=120s;
# 这里是 coco ssh 的后端ip ,max_fails=1 fail_timeout=120s 是 HA 参数
}
server {
listen 2222;
proxy_pass cocossh;
proxy_connect_timeout 10s;
proxy_timeout 24h; #代理超时
}
}
http {
......@@ -93,14 +104,14 @@
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
# tcp_nopush on;
keepalive_timeout 65;
#关闭版本显示
# 关闭版本显示
server_tokens off;
#gzip 压缩传输
# gzip 压缩传输
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
......@@ -109,7 +120,7 @@
gzip_types text/plain application/x-javascripttext/css application/xml;
gzip_vary on;
#配置代理参数
# 配置代理参数,如果不使用可以直接注释
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
......@@ -119,7 +130,7 @@
proxy_send_timeout 90;
proxy_buffer_size 4k;
#缓存配置
# 缓存配置,如果不使用可以直接注释
proxy_temp_file_write_size 264k;
proxy_temp_path /var/cache/nginx/nginx_temp;
proxy_cache_path /var/cache/nginx/nginx_cache levels=1:2 keys_zone=cache_one:200m inactive=5d max_size=400m;
......@@ -130,6 +141,9 @@
::
# 备份默认的配置文件
$ mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.bak
$ vim /etc/nginx/conf.d/jumpserver.conf
upstream jumpserver {
......@@ -152,13 +166,38 @@
server {
listen 80;
server_name www.jumpserver.org; # 自行修改成你的域名
return https://www.jumpserver.org$request_uri;
}
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
server {
# 推荐使用 https 访问,如果不使用 https 请自行注释下面的选项
listen 443;
server_name www.jumpserver.org; # 自行修改成你的域名
ssl on;
ssl_certificate /etc/nginx/sslkey/1_jumpserver.org_bundle.crt; # 自行设置证书
ssl_certificate_key /etc/nginx/sslkey/2_jumpserver.org.key; # 自行设置证书
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
# 缓存设置,可以自行修改,如果不使用可以直接注释
location ~ .*\.(gz|woff2|htm|html|gif|jpg|jpeg|png|bmp|ico|xls|css|js)$ {
proxy_cache cache_one;
proxy_cache_valid 200 304 302 2d;
proxy_cache_valid any 1d;
# 以域名、URI、参数组合成Web缓存的Key值,Nginx根据Key值哈希,存储缓存内容到二级缓存目录内
proxy_cache_key $host$uri$is_args$args;
add_header X-Cache '$upstream_cache_status from $host';
proxy_pass http://59.172.105.130:78;
expires 30d;
access_log off;
location / {
proxy_pass http://jumpserver; # jumpserver
# proxy_next_upstream http_500 http_502 http_503 http_504 http_404;
}
location /luna/ {
......@@ -172,6 +211,7 @@
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# proxy_next_upstream http_500 http_502 http_503 http_504 http_404;
}
location /guacamole/ {
......@@ -183,24 +223,7 @@
proxy_set_header Connection $http_connection;
access_log off;
client_max_body_size 100m; # Windows 文件上传大小限制
}
}
::
$ vim /etc/nginx/conf.d/coco.stream
stream {
upstream cocossh {
server 192.168.100.12:2222;
# server ip:port max_fails=1 fail_timeout=120s;
# 这里是 coco ssh 的后端ip ,max_fails=1 fail_timeout=120s 是 HA 参数
}
server {
listen 2222;
proxy_pass cocossh;
proxy_connect_timeout 10s;
proxy_timeout 24h; #代理超时
# proxy_next_upstream http_500 http_502 http_503 http_504 http_404;
}
}
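Review bot: In the hunk at -152,13 +166,38, the static-file cache `location` forwards with `proxy_pass http://59.172.105.130:78;`, a hard-coded address rather than the `jumpserver` upstream that `location /` uses. Anyone who copies this example would have the bastion UI's JS, CSS and HTML fetched over plain HTTP from whatever host answers at that address, so the line should read `proxy_pass http://jumpserver;`. The same server block sets `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`, which enables the deprecated TLS 1.0 and 1.1; `ssl_protocols TLSv1.2;` is the safer example, and the broad `ECDHE:ECDH:AES:HIGH` fallbacks in `ssl_ciphers` are worth trimming to match. As rendered, the cache `location` also has no closing `}` before `location / {`, though that line may only be lost in this view.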
......