配置反向代理服务器以与GoCD服务器一起使用
有时在GoCD前使用代理服务器是有用的。在本节中,我们为您提供了一些实现此目的的提示和示例。
GoCD与Apache
下面展示了一个如何将GoCD与Apache一起配置的示例。
假设:
- 您已安装了带有
mod_proxy
的Apache - Apache服务器与GoCD服务器位于同一台机器上(localhost)
Listen nnn.nnn.nnn.nnn:80
NameVirtualHost nnn.nnn.nnn.nnn:80
<VirtualHost nnn.nnn.nnn.nnn:80>
ServerName go.yourdomain.com
DocumentRoot /var/www/html
<IfVersion >= 2.4>
ProxyPass / ws://localhost:8153/
ProxyPassReverse / ws://localhost:8153/
</IfVersion>
<IfVersion < 2.4>
ProxyPass / http://localhost:8153/
ProxyPassReverse / http://localhost:8153/
</IfVersion>
ProxyPreserveHost On
</VirtualHost>
如果您还使用SSL(强烈建议),可以使用以下代码片段 -
Listen nnn.nnn.nnn.nnn:80
NameVirtualHost nnn.nnn.nnn.nnn:80
<VirtualHost nnn.nnn.nnn.nnn:80>
ServerName gocd.example.com
# Redirect any http requests to https
RewriteEngine On
RewriteRule ^/(.*)$ https://%{SERVER_NAME}/$1 [R=permanent,L]
</VirtualHost>
<VirtualHost nnn.nnn.nnn.nnn:443>
ServerName gocd.example.com
# Proxy everything over to the GoCD server
ProxyPass / http://localhost:8153/
ProxyPassReverse / http://localhost:8153/
ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto "https"
<Location />
Order allow,deny
Allow from all
</Location>
# SSL configuration
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/gocd.example.com.pem
SSLCertificateKeyFile /etc/pki/tls/private/gocd.example.com.key
SSLCertificateChainFile /etc/pki/tls/certs/gocd.example.com.pem.chained.pem
</VirtualHost>
GoCD与NGINX
server {
# Redirect any http requests to https
listen 80;
server_name gocd.example.com;
return 301 https://gocd.example.com$request_uri;
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 443 ssl;
server_name gocd.example.com;
ssl_certificate /etc/pki/tls/certs/gocd.example.com.chained.pem;
ssl_certificate_key /etc/pki/tls/private/gocd.example.com.key;
# Proxy everything over to the GoCD server
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_pass http://localhost:8153/;
# To be able to upload artifacts larger than default size of 1mb, ensure that you set this up to a large value.
# setting to `0` will disable checking for body size.
# See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
client_max_body_size 10000m;
# If you are intending to allow downloading of large artifacts (> 1GB) from GoCD you may need to adjust one of the
# following two proxy buffering settings to prevent downloads failing for slow clients due to server idle timeouts.
#
# See https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering
#
# 1) disable the buffering of responses entirely (enabled by default on NGINX) OR
# proxy_buffering off;
#
# 2) increase the max temporary file size (setting to `0` will disable the limit)
# proxy_max_temp_file_size 2048m;
}
}