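I'm trying to figure out how to dynamically proxy several microservices behind a single nginx proxy with Docker. I have been able to pull it off with one application, but I would like to add microservices dynamically. I would like to do this without restarting nginx and disrupting users.
Is this possible, or should I create a configuration file for each microservice? I have provided samples below:
localhost = simple welcome page
localhost/service1 = microservice
localhost/service2 = microservice
localhost/serviceN = microservice
docker-compose.yml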
---
version: '2'
services:
  app:
    build: app
  microservice1:
    image: registry.local:4567/microservice1:latest
  microservice2:
    image: registry.local:4567/microservice2:latest
  proxy:
    build: proxy
    ports:
      - "80:80"
proxy.conf
server {
    listen 80;
    resolver 127.0.0.11 valid=5s ipv6=off;
    set $upstream "http://app";
    location / {
        proxy_pass $upstream$request_uri;
    }
}
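Answer 0 (score: 4)
I ran into the same problem: I have microservices in Flask, and I had to deploy them on a single EC2 instance as a staging environment.
My directory structure is as follows: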
SampleProject
 |\_microservices
 ||\
 || \_A
 ||   |-docker-compose.yml
 ||   |-Dockerfile
 | \
 |  \_B
 |    |-docker-compose.yml
 |    |-Dockerfile
 |
 |
 |\_docker
 |   \_web
 |      |-Dockerfile
 |      |_nginx
 |        |-nginx.conf
 |
 |-docker-compose.yml(Nginx)
For Nginx, the docker-compose.yml looks like this:
version: '3.7'
services:
  web:
    build:
      context: .
      dockerfile: ./docker/web/Dockerfile
    ports:
      - "80:80"
networks:
  default:
    external:
      name: microservices
The Nginx configuration is as follows:
upstream files_to_text {
    server microserviceA:5000;
}
upstream text_cleaning {
    server microserviceB:5050;
}
server {
    listen 80;
    location /microserviceA {
        proxy_pass http://files_to_text;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_redirect off;
    }
    location /microserviceB {
        proxy_pass http://text_cleaning;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_redirect off;
    }
}
To enforce SSL, I used AWS Certificate Manager and an Application Load Balancer. There are 3 steps:
Answer 1 (score: 0)
A configuration file for each microservice in /etc/nginx/sites-available/, /etc/nginx/sites-enabled/.
Example proxy.conf for each one, with app / microservice1 / microservice2 put in place of $MICRO_SERVICE:
upstream REPLACEME_SERVICENAME {
    server $MICRO_SERVICE:PORT fail_timeout=0;
}
server {
    listen 80;
    server_name REPLACEME_SITENAME.REPLACEME_DOMAIN;
    # proxy_pass is only valid inside a location block
    location / {
        proxy_pass http://REPLACEME_SERVICENAME;
    }
}
Enforcing SSL:
upstream REPLACEME_SITENAME.REPLACEME_DOMAIN {
    server $MICRO_SERVICE fail_timeout=0;
}
server {
    # We only redirect from port 80 to 443
    # to enforce encryption
    listen 80;
    server_name REPLACEME_SITENAME.REPLACEME_DOMAIN;
    return 301 https://REPLACEME_SITENAME.REPLACEME_DOMAIN$request_uri;
}
server {
    listen 443 ssl http2;
    server_name REPLACEME_SITENAME.REPLACEME_DOMAIN;
    # If you require basic auth you can use these lines as an example
    #auth_basic "Restricted!";
    #auth_basic_user_file /etc/nginx/private/httplock;
    # SSL
    ssl_certificate /etc/letsencrypt/live/REPLACEME_SITENAME.REPLACEME_DOMAIN/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/REPLACEME_SITENAME.REPLACEME_DOMAIN/privkey.pem;
    proxy_connect_timeout 75s;
    proxy_send_timeout 75s;
    proxy_read_timeout 75s;
    proxy_http_version 1.1;
    send_timeout 75s;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH";
    ssl_prefer_server_ciphers on;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996), so only 1.2 and 1.3 are offered
    ssl_protocols TLSv1.2 TLSv1.3;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $remote_addr;
        # X-Forwarded-Host carries the requested host name, not the client address
        proxy_set_header X-Forwarded-Host $host;
        proxy_pass http://REPLACEME_SITENAME.REPLACEME_DOMAIN;
    }
}
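I also have a repo where I'm building a small nginx service for a Raspberry Pi in my closet that serves everything in my house:
https://github.com/joshuacox/local-nginx/
There is also a Makefile to help create new services.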
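Added example (not part of the answer above or of the linked repository): one way to fill Answer 1's REPLACEME_* template for a new service while rejecting values that would inject extra nginx directives. The function name `render_site`, the allowed-character rules and the sample domain are assumptions made for this illustration.

```python
import re

# Template built from the placeholders in Answer 1 (REPLACEME_*, $MICRO_SERVICE,
# PORT), with proxy_pass placed inside a location block.
TEMPLATE = """\
upstream REPLACEME_SERVICENAME {
    server $MICRO_SERVICE:PORT fail_timeout=0;
}
server {
    listen 80;
    server_name REPLACEME_SITENAME.REPLACEME_DOMAIN;
    location / {
        proxy_pass http://REPLACEME_SERVICENAME;
    }
}
"""
# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# Upstream names: a deliberately conservative identifier set (assumption).
IDENT = re.compile(r"[A-Za-z0-9_]{1,64}")


def _check(kind, value, pattern):
    # fullmatch rejects ';', '{', '}', spaces and newlines, which would
    # otherwise let a value end its directive and append new ones.
    if not isinstance(value, str) or not pattern.fullmatch(value):
        raise ValueError(f"invalid {kind}: {value!r}")


def render_site(service_name, micro_service, port, site, domain):
    """Return the per-service nginx config text, or raise ValueError."""
    _check("upstream name", service_name, IDENT)
    _check("container host", micro_service, LABEL)
    _check("site name", site, LABEL)
    for label in str(domain).split("."):
        _check("domain label", label, LABEL)
    if not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError(f"invalid port: {port!r}")
    # Substitute in a single pass so a value that happens to look like a
    # placeholder is never expanded again by a later replacement.
    values = {
        "REPLACEME_SERVICENAME": service_name,
        "REPLACEME_SITENAME": site,
        "REPLACEME_DOMAIN": domain,
        "$MICRO_SERVICE": micro_service,
        "PORT": str(port),
    }
    pattern = re.compile("|".join(re.escape(k) for k in values))
    return pattern.sub(lambda m: values[m.group(0)], TEMPLATE)
```

After writing the rendered file for a new service, run `nginx -t` and then `nginx -s reload`; a reload starts new worker processes and lets the old ones finish their open connections, so existing users are not cut off.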