首页 腾讯云动态正文

Nginx结合腾讯云CLB完成请求头Host重写

云返利网 腾讯云动态 2020-08-21 21:35:18 8 0 腾讯云服务

需求背景
1.常规情况是访问A域名时对外展示域名信息不变,内容却是B域名的,大部分在多版本发布切换时才有这种的需求
2.非常规情况是临时过渡或者域名更换时遗留访问导向
3.使用的是腾讯云clb做负载均衡暂不支持自定义请求header头


想要的效果
访问http或https://xxx.domainold.com时实际上是访问http或https://xxx.domainnew.xom的内容

解决方案
该方案只支持未过CDN的域名,因为过了CDN域名前端访问控制权在腾讯云手中,不可以自定义nginx拦截流量。

架构变更
原架构:Client--七层Clb--CVM
新架构:Client--四层Clb--Nginx--七层Clb--CVM

具体配置
需要通过修改header头加反向代理方式实现可行,配置如下:

    server {
        listen 80;
        listen 443 ssl;
        server_name jumpserver.domainold.com;
        ssl_certificate             ssl/domainold.com.crt;
        ssl_certificate_key         ssl/domainold.com.key;
        ssl_prefer_server_ciphers   on;
        ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!DHE:3DES;"
        ssl_protocols               TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
        ssl_session_cache           shared:SSL:10m;
        ssl_session_timeout         60m;

        location / {
            proxy_pass http://158.8.188.188:80;
            proxy_set_header Host jumpserver.domainnew.com;
        }

        access_log  logs/jumpserver.log  main;
    }

备注:由于cname只改变路由且腾讯云clb不支持修改header头,所以需要新增一层nginx自定义重写header请求头中host值。jumpserver.domainold.com解析到nginx,其中158.8.188.188为7层clb负载对应的是domainnew.com域名。

访问验证
1.nginx访问日志

108.38.55.198 - - [13/Jul/2020:18:56:28 +0800] "GET /static/js/plugins/echarts/chart/pie.js HTTP/1.1" 200 12159 "https://jumpserver.domainold.com/" jumpserver.domainold.com "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36" "-"

2.clb访问日志

{"request":"GET /static/js/plugins/echarts/chart/pie.js HTTP/1.0","server_name":"jumpserver.domainnew.com","stgw_engine_connect_time":"-","upstream_addr":"10.2.8.35:80","upstream_header_time":"0.003","connection_requests":"1","ssl_cipher":"-","stgw_engine_response_time":"-","stgw_request_id":"186f546bcc8484a5b7ab1855afef4ff8","http_host":"jumpserver.domainnew.com","http_user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36","upstream_status":"200","vip_vpcid":-1,"request_time":"0.003","via_stgw_engine":"-","proxy_host":"661564","vsvc_id":"530789","connection":"30345865319","tcpinfo_rtt":"11000","ssl_protocol":"-","remote_addr":"118.89.230.123","remote_port":"54234","time_local":"13/Jul/2020:18:56:28 +0800","bytes_sent":"12408","server_addr":"154.8.188.184","protocol_type":"http","ssl_handshake_time":"-","upstream_connect_time":"0.002","request_length":"574","http_referer":"https://jumpserver.domainold.com/","ssl_session_reused":"-","server_port":"1072","upstream_response_time":"0.003","status":200,"__TOPIC__":"clb_api","__SOURCE__":"100.98.178.58","__FILENAME__":"access.log"}

可以发现域名变化了, 原因访问domainold.com的请求变成了访问domainnew.com的请求了。

【关于云返利网】

云返利网是阿里云、腾讯云、华为云产品推广返利平台,在各个品牌云产品官网优惠活动之外,云返利网还提供返利。您可以无门槛获得阿里云、华为云、腾讯云所有产品返利,在官网下单后就可以领取,无论是自己用、公司用还是帮客户采购,您个人都可以获得返利。云返利网的目标是让返利更多、更快、更简单!详情咨询13121395187(微信同号)