rancher ingress 前置nginx 配置
例如:
10.10.10.1-3 为 rancher HA
10.10.10.4-6 为 k8s 集群 node 节点,对外提供服务
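# Main-context settings for the nginx instance in front of the Rancher /
# Kubernetes ingress nodes.

# Worker processes run under the "nginx" account.
user nginx;
worker_processes 4;
# Per-worker open-file ceiling. It must stay well above worker_connections,
# because a proxied request holds a client-side and an upstream-side socket.
worker_rlimit_nofile 40000;
# One error_log at the most verbose level wanted. The original listed the same
# file three times (default level, notice, info), which registers three log
# targets on one file; "info" alone already includes notice and error.
error_log logs/error.log info;
# access_log is set inside http {} below, where the "main" format is defined.
#access_log logs/access.log main;
events {
    worker_connections 8192;
}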
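# Layer-7 front end: every HTTP request on port 80 is forwarded to the
# Kubernetes ingress nodes in the rancher_web upstream.
http {
    include mime.types;
    default_type application/octet-stream;

    # Keep the nginx version out of the Server header and error pages.
    server_tokens off;

    # $remote_user, $request and $http_x_forwarded_for are taken from the
    # client's request; only $remote_addr is the real TCP peer. Treat the
    # other fields as untrusted when alerting on or parsing these logs.
    # X-Forwarded-For is logged twice, as in the original format, so existing
    # log parsers keep matching; the variable name is written in lower case.
    log_format main
        '$remote_user [$time_local] $http_x_forwarded_for $remote_addr $request '
        '$http_x_forwarded_for '
        '$upstream_addr '
        'ups_resp_time: $upstream_response_time '
        'request_time: $request_time';
    access_log logs/access.log main;

    # Enable efficient file transfer: sendfile controls whether nginx uses the
    # sendfile() call to output files. Leave it on for ordinary use; for
    # disk-I/O-heavy workloads such as downloads it can be set to off to
    # balance disk and network I/O and lower system load. Note: if images are
    # displayed incorrectly, change this to off.
    sendfile on;
    # Prevent network congestion.
    tcp_nopush on;
    # Prevent network congestion.
    tcp_nodelay on;

    # Accept request headers whose names contain underscores.
    # NOTE(review): backends that map "-" and "_" to the same name (CGI-style
    # environments) cannot tell X_Forwarded_For from X-Forwarded-For once this
    # is on; confirm the upstream applications really need it.
    underscores_in_headers on;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 4;
    gzip_types text/plain application/x-javascript text/css application/xml;
    gzip_vary on;

    # Upload ceiling. Together with the 600 s proxy timeouts below this lets a
    # single client hold a connection and buffers for a long time; lower both
    # if the applications do not need them.
    client_max_body_size 300m;

    # FastCGI parameters, intended to improve site performance: lower resource
    # use, faster access. The names are self-explanatory.
    # No fastcgi_pass appears in the configuration shown, so these only take
    # effect if an included virtual host uses FastCGI.
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;

    # Kubernetes nodes exposing the ingress on port 80. Traffic between this
    # proxy and the nodes is plain HTTP.
    upstream rancher_web {
        server 10.10.10.4:80;
        server 10.10.10.5:80;
        server 10.10.10.6:80;
    }

    # Catch-all virtual host: any Host header is accepted and passed on
    # unchanged, so host-based routing is decided by the ingress behind it.
    server {
        listen 80 default_server;
        server_name _;
        access_log logs/busiweb.access.log main;

        client_max_body_size 300m;
        client_body_buffer_size 128k;

        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        proxy_buffer_size 64k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            # $proxy_add_x_forwarded_for appends $remote_addr to whatever
            # X-Forwarded-For the client sent, so only the last entry is set
            # by this proxy. Backends should read the client address from
            # X-Real-IP or the right-most entry, never the left-most one.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # Tell the backend which scheme the client used on this hop.
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://rancher_web;
        }

        # Fixed placeholder body, not live metrics: every scrape returns the
        # same single sample.
        location /metrics {
            default_type text/html ;
            return 200 'http_request_metrics{path="/metrics",method="GET",code="200",le="0.025",} 1.0';
        }
    }

    # Include all virtual-host configuration files.
    include /etc/nginx/config/*.conf;
}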
# Layer-4 front end for the Rancher HA servers. The listener has no ssl
# parameter, so the TLS byte stream is relayed untouched and is terminated by
# whatever answers on 10.10.10.1-3:443 (presumably Rancher itself).
stream {
    upstream rancher_servers {
        # Send each new connection to the server with the fewest active ones.
        least_conn;
        # A server is taken out of rotation for 5 s after 3 failed attempts.
        server 10.10.10.1:443 max_fails=3 fail_timeout=5s;
        server 10.10.10.2:443 max_fails=3 fail_timeout=5s;
        server 10.10.10.3:443 max_fails=3 fail_timeout=5s;
    }

    server {
        listen 443;
        proxy_pass rancher_servers;
    }
}
证书:
如有 https 需求,可以在四层负载上增加如下配置:
/etc/nginx/config/ 下
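# HTTPS virtual host, placed under /etc/nginx/config/ so that the http {}
# block of the main configuration includes it. TLS ends here; requests are
# forwarded to the rancher_web upstream over plain HTTP.
# NOTE(review): the stream {} block of the main configuration also listens on
# 443. Two listeners cannot bind the same address and port, so confirm that
# this server runs on a different IP, port or host than the stream listener.
server {
    # "listen ... ssl" replaces the deprecated "ssl on;" directive.
    listen 443 ssl;
    server_name *.taobao.com;
    access_log /etc/nginx/logs/ssl.taobao.com.access.log main;

    ssl_certificate /etc/nginx/cert/taobao.crt;
    # Private key: keep it readable only by the account that starts nginx.
    ssl_certificate_key /etc/nginx/cert/taobao.key;

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

    # The original enabled SSLv2, SSLv3 and TLSv1 only. SSLv2 and SSLv3 are
    # broken protocols and TLSv1 is deprecated, so the server offered nothing
    # a current client should accept. TLSv1.3 needs an nginx build linked
    # against OpenSSL 1.1.1 or later; drop it from the list on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends $remote_addr to the client-supplied X-Forwarded-For; only
        # the last entry is set by this proxy and can be trusted.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # The backend hop is plain HTTP, so pass on the original scheme to
        # let applications build https links and redirects correctly.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://rancher_web;
    }
}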
文件上传大小:
上传文件大小及超时设置
ingress设置
具体参数有:
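# Ingress annotations (metadata.annotations of the Ingress object). YAML needs
# a space after each colon; the first and last lines lacked it in the original.
# Timeouts are in seconds. Values are quoted because annotations are strings.
nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
# Request-body limit enforced by the ingress controller. The front nginx on
# this page allows 300m, so the smaller of the two values is the real limit.
nginx.ingress.kubernetes.io/proxy-body-size: "50m"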