OpenShift - nginx pod as SSL termination and load balancer

别等时光非礼了梦想. 提交于 2019-12-13 00:06:16

问题


In the past, I have used the following configuration file for nginx on Ubuntu. It does the following:

  1. SSL termination
  2. Load balancer
  3. Inserts a custom header X-Nginx-header
  4. Logs the invocations
events { }

http {
    log_format main '$time_iso8601 - $remote_addr - "$http_user_agent" - "$request" - $request_id '
    '- $status - $body_bytes_sent - $request_time ';

    access_log /home/ubuntu/project-demo/logs/access.log main;
    error_log /home/ubuntu/project-demo/logs/error.log error;
    proxy_cache_path /data/nginx/cache keys_zone=one:10m;

    upstream demoapp {
        least_conn;
        server localhost:3001;
        server localhost:3002;
        server localhost:3003;
        server localhost:3004;
    }

    server {
        listen 443 ssl;

        ssl_certificate         /home/ubuntu/project-demo/certs/server.crt;
        ssl_certificate_key     /home/ubuntu/project-demo/certs/server.pem;
        ssl_protocols           TLSv1.1 TLSv1.2;
        ssl_ciphers             HIGH:!aNULL:!MD5;
        ssl_session_cache       shared:SSL:20m;
        ssl_session_timeout     4h;

        location / {
            proxy_set_header X-Nginx-header $request_id;
            proxy_pass http://demoapp/;
        }
    }
}

I want to replicate the same with nginx deployed as a pod in an OpenShift cluster. I can see nginx as listed in the catalog of OpenShift cluster. When I try to launch one, it shows a field for GitHub repository with a sample repository - https://github.com/sclorg/nginx-ex.git

How do I utilize this repository for the configuration file shown above?


回答1:


The documentation for the nginx 1.14 version of this image can be found here

This is an s2i image. s2i is a build mechanism that takes source code (in your case the nginx configuration) and a base s2i image (in your case the sclorg nginx contianer image) and produces a runtime image (in your case an nginx image with configuration).

Based on the above documentation for that nginx s2i image if you point the s2i build process at a VCS repository (or local directory) with any of the following files inside it, they will automatically be consumed by the nginx s2i builder image to produce a configured runtime container image.

./nginx.conf-- The main nginx configuration file

./nginx-cfg/*.conf
Should contain all nginx configuration we want to include into image

./nginx-default-cfg/*.conf
Contains any nginx config snippets to include in the default server block

./nginx-start/*.sh
Contains shell scripts that are sourced right before nginx is launched

./
Should contain nginx application source code

In your case that means you can either put your configuration in a nginx.conf file to overwrite the entire nginx configuration or in a ./nginx-cfg/*.conf file to just add your configuration to the default nginx.conf file.



来源:https://stackoverflow.com/questions/58096616/openshift-nginx-pod-as-ssl-termination-and-load-balancer

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!