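Why can't I use DigitalOcean private IPs for reverse proxying with this Salt Cloud setup?

I'm following this DigitalOcean tutorial, which explains how Salt Cloud works and sets up two application servers and a reverse proxy. The expected end result is a pure-JS application running on two machines behind the reverse proxy that tells you the application's IP address, which shows that both application servers are running and being proxied. However, I only get the Nginx welcome page.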

Here is the nginx configuration file, first the template and then the generated result:

Template

    ### /srv/salt/nginx/files/awesome-app.conf.jin ###
    ##################################################

    ### Configuration file for Nginx to act as a
    ### reverse proxy for an app farm.

    # Define the app servers that we're in front of.
    upstream awesome-app {
        {% for server, addrs in salt['mine.get']('roles:appserver', 'network.ip_addrs', expr_form='grain').items() %}
        server {{ addrs[0] }}:1337;
        {% endfor %}
    }

    # Forward all port 80 http traffic to our app farm, defined above as 'awesome-app'.
    server {
        listen 80;
        server_name {{ salt['network.ip_addrs']()[0] }};  # <-- change the '1' to '0' if you're not using
                                                           #     DigitalOcean's private networking.

        access_log /var/log/nginx/awesome-app.access.log;
        error_log /var/log/nginx/awesome-app.error.log;

        ## forward request to awesome-app ##
        location / {
            proxy_pass http://awesome-app;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

Generated

    ### /srv/salt/nginx/files/awesome-app.conf.jin ###
    ##################################################

    ### Configuration file for Nginx to act as a
    ### reverse proxy for an app farm.

    # Define the app servers that we're in front of.
    upstream awesome-app {
        server 10.12.0.6:1337;
        server 10.12.0.8:1337;
    }

    # Forward all port 80 http traffic to our app farm, defined above as 'awesome-app'.
    server {
        listen 80;
        server_name 10.12.0.7;  # <-- change the '1' to '0' if you're not using
                                #     DigitalOcean's private networking.

        access_log /var/log/nginx/awesome-app.access.log;
        error_log /var/log/nginx/awesome-app.error.log;

        ## forward request to awesome-app ##
        location / {
            proxy_pass http://awesome-app;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

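This doesn't look right to me: the reverse proxy's public IP is definitely not a 10.* address; it starts with 192.241..., as salt -G 'roles:rproxy' network.ip_addrs shows. All the minions respond to test.ping and otherwise appear to be configured correctly.

I changed server_name {{ salt['network.ip_addrs']()[0] }}; to server_name {{ salt['network.ip_addrs']()[2] }}; in the nginx server block, because salt -G 'roles:rproxy' network.ip_addrs returns three IP addresses, of which only the third starts with 192.241.... Now I get a 502 Bad Gateway from nginx.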

curl output

Here is a curl from my home machine to the public IP of the nginx droplet:

    curl -iv --trace-time <SERVER_IP> ~
    10:43:47.827486 * Rebuilt URL to: <SERVER_IP>/
    10:43:47.832671 *   Trying <SERVER_IP>...
    10:43:47.841036 * Connected to <SERVER_IP> (<SERVER_IP>) port 80 (#0)
    10:43:47.841122 > GET / HTTP/1.1
    10:43:47.841122 > Host: <SERVER_IP>
    10:43:47.841122 > User-Agent: curl/7.43.0
    10:43:47.841122 > Accept: */*
    10:43:47.841122 >
    10:43:53.847953 < HTTP/1.1 502 Bad Gateway
    HTTP/1.1 502 Bad Gateway
    10:43:53.848079 < Server: nginx/1.10.0 (Ubuntu)
    Server: nginx/1.10.0 (Ubuntu)
    10:43:53.848119 < Date: Tue, 10 Jan 2017 18:43:53 GMT
    Date: Tue, 10 Jan 2017 18:43:53 GMT
    10:43:53.848169 < Content-Type: text/html
    Content-Type: text/html
    10:43:53.848224 < Content-Length: 182
    Content-Length: 182
    10:43:53.848285 < Connection: keep-alive
    Connection: keep-alive
    10:43:53.848346 <
    <html>
    <head><title>502 Bad Gateway</title></head>
    <body bgcolor="white">
    <center><h1>502 Bad Gateway</h1></center>
    <hr><center>nginx/1.10.0 (Ubuntu)</center>
    </body>
    </html>
    10:43:53.848490 * Connection #0 to host <SERVER_IP> left intact

Access log from that request:

    <HOME_IP> - - [10/Jan/2017:18:41:07 +0000] "GET / HTTP/1.1" 502 182 "-" "curl/7.43.0"
    <HOME_IP> - - [10/Jan/2017:18:41:45 +0000] "GET / HTTP/1.1" 502 182 "-" "curl/7.43.0"
    <HOME_IP> - - [10/Jan/2017:18:43:53 +0000] "GET / HTTP/1.1" 502 182 "-" "curl/7.43.0"

Error log from those requests:

    2017/01/10 18:41:04 [error] 7865#7865: *1 connect() failed (113: No route to host) while connecting to upstream, client: <HOME_IP>, server: <APP_SERVER1_IP>, request: "GET / HTTP/1.1", upstream: "http://<APP_SERVER1_PRIVATE_IP>:1337/", host: "<APP_SERVER1_IP>"
    2017/01/10 18:41:07 [error] 7865#7865: *1 connect() failed (113: No route to host) while connecting to upstream, client: <HOME_IP>, server: <APP_SERVER1_IP>, request: "GET / HTTP/1.1", upstream: "http://<APP_SERVER2_PRIVATE_IP>:1337/", host: "<APP_SERVER1_IP>"
    2017/01/10 18:41:42 [error] 7865#7865: *4 connect() failed (113: No route to host) while connecting to upstream, client: <HOME_IP>, server: <APP_SERVER1_IP>, request: "GET / HTTP/1.1", upstream: "http://<APP_SERVER2_PRIVATE_IP>:1337/", host: "<APP_SERVER1_IP>"
    2017/01/10 18:41:45 [error] 7865#7865: *4 connect() failed (113: No route to host) while connecting to upstream, client: <HOME_IP>, server: <APP_SERVER1_IP>, request: "GET / HTTP/1.1", upstream: "http://<APP_SERVER1_PRIVATE_IP>:1337/", host: "<APP_SERVER1_IP>"
    2017/01/10 18:43:50 [error] 7865#7865: *7 connect() failed (113: No route to host) while connecting to upstream, client: <HOME_IP>, server: <APP_SERVER1_IP>, request: "GET / HTTP/1.1", upstream: "http://<APP_SERVER2_PRIVATE_IP>:1337/", host: "<APP_SERVER1_IP>"
    2017/01/10 18:43:53 [error] 7865#7865: *7 connect() failed (113: No route to host) while connecting to upstream, client: <HOME_IP>, server: <APP_SERVER1_IP>, request: "GET / HTTP/1.1", upstream: "http://<APP_SERVER1_PRIVATE_IP>:1337/", host: "<APP_SERVER1_IP>"
    2017/01/10 18:52:02 [error] 7865#7865: *11 connect() failed (113: No route to host) while connecting to upstream, client: <HOME_IP>, server: <APP_SERVER1_IP>, request: "GET / HTTP/1.1", upstream: "http://<APP_SERVER2_PRIVATE_IP>:1337/", host: "<APP_SERVER1_IP>"
    2017/01/10 18:52:05 [error] 7865#7865: *11 connect() failed (113: No route to host) while connecting to upstream, client: <HOME_IP>, server: <APP_SERVER1_IP>, request: "GET / HTTP/1.1", upstream: "http://<APP_SERVER1_PRIVATE_IP>:1337/", host: "<APP_SERVER1_IP>"

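This isn't the best answer, because it relies on the public IPs, but it is a workaround.

The Salt mine returns two IP addresses for each app server, the first of which is the private IP. The call to salt['network.ip_addrs']() in the template, on the other hand, returns three IP addresses for the reverse proxy, the third of which is the public IP.

So if you change the reverse proxy to use only public IPs, traffic should go through: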

    upstream awesome-app {
        {% for server, addrs in salt['mine.get']('roles:appserver', 'network.ip_addrs', expr_form='grain').items() %}
        server {{ addrs[1] }}:1337;
        {% endfor %}
    }

    # Forward all port 80 http traffic to our app farm, defined above as 'awesome-app'.
    server {
        listen 80;
        server_name {{ salt['network.ip_addrs']()[2] }};  # <-- change the '1' to '0' if you're not using
                                                           #     DigitalOcean's private networking.

In that case, curl reports the correct result:

    curl -iv --trace-time <SERVER_PUBLIC_IP> ~
    11:08:32.790871 * Rebuilt URL to: <SERVER_PUBLIC_IP>/
    11:08:32.794702 *   Trying <SERVER_PUBLIC_IP>...
    11:08:32.802812 * Connected to <SERVER_PUBLIC_IP> (<SERVER_PUBLIC_IP>) port 80 (#0)
    11:08:32.802986 > GET / HTTP/1.1
    11:08:32.802986 > Host: <SERVER_PUBLIC_IP>
    11:08:32.802986 > User-Agent: curl/7.43.0
    11:08:32.802986 > Accept: */*
    11:08:32.802986 >
    11:08:32.816784 < HTTP/1.1 200 OK
    HTTP/1.1 200 OK
    11:08:32.817015 < Server: nginx/1.10.0 (Ubuntu)
    Server: nginx/1.10.0 (Ubuntu)
    11:08:32.817131 < Date: Tue, 10 Jan 2017 19:08:32 GMT
    Date: Tue, 10 Jan 2017 19:08:32 GMT
    11:08:32.817201 < Content-Type: text/plain
    Content-Type: text/plain
    11:08:32.817265 < Transfer-Encoding: chunked
    Transfer-Encoding: chunked
    11:08:32.817327 < Connection: keep-alive
    Connection: keep-alive
    11:08:32.817389 <
    11:08:32.817536 * Connection #0 to host <SERVER_PUBLIC_IP> left intact
    ["APP_SERVER1_IP","APP_SERVER1_PRIVATE_IP","APP_SERVER1_PRIVATE_IP2"]~
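
An added example, not part of the original answer or the tutorial's code: both the question and the workaround pick an address by list index ([0], [1], [2]), which depends on interface ordering, and the workaround sends proxy-to-app traffic over the public interfaces. This Python code selects each backend address by network membership instead and fails the render when a minion has no unique address in the expected range. SAMPLE_MINE, PRIVATE_CIDR, pick_addr and render_upstream are hypothetical names, and the sample addresses and CIDR are constructed assumptions.

```python
import ipaddress

# Constructed sample data shaped like the result of
# salt['mine.get']('roles:appserver', 'network.ip_addrs', ...):
# minion id -> list of IPv4 addresses, in no guaranteed order.
SAMPLE_MINE = {
    "appserver-01": ["10.12.0.6", "10.132.0.11", "192.0.2.10"],
    "appserver-02": ["192.0.2.20", "10.12.0.8", "10.132.0.12"],
}

# Assumed CIDR of the private network the proxy can actually route to.
PRIVATE_CIDR = "10.132.0.0/16"


def pick_addr(addrs, cidr):
    """Return the single address from addrs that lies inside cidr.

    Raises ValueError when zero or several addresses match, so a bad
    render fails loudly instead of proxying to the wrong interface.
    """
    net = ipaddress.ip_network(cidr)
    matches = [a for a in addrs if ipaddress.ip_address(a) in net]
    if len(matches) != 1:
        raise ValueError(f"expected exactly one address in {cidr}, got {matches}")
    return matches[0]


def render_upstream(mine, cidr, name="awesome-app", port=1337):
    """Build the nginx upstream block from mine data, one server per minion."""
    lines = [f"upstream {name} {{"]
    for minion in sorted(mine):  # sorted for a stable, diff-friendly config
        try:
            addr = pick_addr(mine[minion], cidr)
        except ValueError as exc:
            raise ValueError(f"{minion}: {exc}") from None
        lines.append(f"    server {addr}:{port};")
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_upstream(SAMPLE_MINE, PRIVATE_CIDR))
```
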