Nginx配置

一、安装Nginx

NGINX拥有所有主流操作系统的软件包,通过包管理器可以很轻松安装。有关NGINX安装帮助,请参考nginx安装文档.

1、创建Nginx配置

在安装nginx之前,需要先创建rancher代理配置文件/etc/nginx/conf.d/rancher.conf

  • 复制粘贴以下文件到编辑器,并保存到 /etc/nginx/conf.d/rancher.conf.

NGIN示例配置:

  1. upstream rancher {
  2.     server IP_NODE_1:80;
  3.     server IP_NODE_2:80;
  4.     server IP_NODE_3:80;
  5. }
  7. map $http_upgrade $connection_upgrade {
  8.     default Upgrade;
  9.     ''      close;
  10. }
  12. server {
  13.     listen 443 ssl http2; # 如果是升级或者全新安装v2.2.2,需要禁止http2
  14.     server_name rancher.yourdomain.com;
  15.     ssl_certificate /etc/your_certificate_directory/fullchain.pem;
  16.     ssl_certificate_key /etc/your_certificate_directory/privkey.pem;
  18.     location / {
  19.         proxy_set_header Host $host;
  20.         proxy_set_header X-Forwarded-Proto $scheme;
  21.         proxy_set_header X-Forwarded-Port $server_port;
  22.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  23.         proxy_pass http://rancher;
  24.         proxy_http_version 1.1;
  25.         proxy_set_header Upgrade $http_upgrade;
  26.         proxy_set_header Connection $connection_upgrade;
  27.         # This allows the ability for the execute shell window to remain open for up to 15 minutes. 
  28.         ## Without this parameter, the default is 1 minute and will automatically close.
  29.         proxy_read_timeout 900s;
  30.         proxy_buffering off;
  31.     }
  32. }
  34. server {
  35.     listen 80;
  36.     server_name rancher.yourdomain.com;
  37.     return 301 https://$server_name$request_uri;
  38. }

为了减少网络传输的数据量,可以在七层代理的http定义中添加GZIP功能。

  1. # Gzip Settings
  2. gzip on;
  3. gzip_disable "msie6";
  4. gzip_disable "MSIE [1-6]\.(?!.*SV1)";
  5. gzip_vary on;
  6. gzip_static on;
  7. gzip_proxied any;
  8. gzip_min_length 0;
  9. gzip_comp_level 8;
  10. gzip_buffers 16 8k;
  11. gzip_http_version 1.1;
  12. gzip_types
  13.   text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml     application/font-woff
  14.   text/javascript application/javascript application/x-javascript
  15.   text/x-json application/json application/x-web-app-manifest+json
  16.   text/css text/plain text/x-component
  17.   font/opentype application/x-font-ttf application/vnd.ms-fontobject font/woff2
  18.   image/x-icon image/png image/jpeg;

  • /etc/nginx/conf.d/rancher.conf中, 替换 IP_NODE_1, IP_NODE_2, IP_NODE_3 为需要添加到集群的Linux主机的IP;

  • /etc/nginx/conf.d/rancher.conf中, 替换FQDN为您设置用来登录rancher的域名;

  • /etc/nginx/conf.d/rancher.conf中, 替换/certs/fullchain.pem为证书的路径;

  • /etc/nginx/conf.d/rancher.conf中, 替换/certs/privkey.pem为证书密钥的路径;

二、运行NGINX

  • 重新加载或者重启NGINX
  1. # Reload NGINX
  2. nginx -s reload
  3. # Restart NGINX
  4. # Depending on your Linux distribution
  5. service nginx restart
  6. systemctl restart nginx

三、访问Rancher UI

安装成功后,通过https://FQDN来访问RANCHER UI