配置反向代理

    您的查询搜索没有结果。

    配置反向代理服务器以与GoCD服务器一起使用

    有时在GoCD前使用代理服务器是有用的。在本节中,我们为您提供了一些实现此目的的提示和示例。

    GoCD与Apache

    下面展示了一个如何将GoCD与Apache一起配置的示例。

    假设:

    • 您已安装了带有mod_proxy的Apache
    • Apache服务器与GoCD服务器位于同一台机器上(localhost)
    Listen nnn.nnn.nnn.nnn:80
    NameVirtualHost nnn.nnn.nnn.nnn:80
    
    <VirtualHost nnn.nnn.nnn.nnn:80>
      ServerName go.yourdomain.com
      DocumentRoot /var/www/html
    
      <IfVersion >= 2.4>
        ProxyPass         /  ws://localhost:8153/
        ProxyPassReverse  /  ws://localhost:8153/
      </IfVersion>
    
      <IfVersion < 2.4>
        ProxyPass         /  http://localhost:8153/
        ProxyPassReverse  /  http://localhost:8153/
      </IfVersion>
    
      ProxyPreserveHost On
    </VirtualHost>
    

    如果您还使用SSL(强烈建议),可以使用以下代码片段 -

    Listen nnn.nnn.nnn.nnn:80
    NameVirtualHost nnn.nnn.nnn.nnn:80
    
    <VirtualHost nnn.nnn.nnn.nnn:80>
      ServerName gocd.example.com
    
      # Redirect any http requests to https
      RewriteEngine On
      RewriteRule ^/(.*)$ https://%{SERVER_NAME}/$1 [R=permanent,L]
    </VirtualHost>
    
    <VirtualHost nnn.nnn.nnn.nnn:443>
      ServerName gocd.example.com
    
      # Proxy everything over to the GoCD server
      ProxyPass         /  http://localhost:8153/
      ProxyPassReverse  /  http://localhost:8153/
      ProxyPreserveHost On
      RequestHeader set X-Forwarded-Proto "https"
    
      <Location />
        Order allow,deny
        Allow from all
      </Location>
    
      # SSL configuration
      SSLEngine on
    
      SSLCertificateFile /etc/pki/tls/certs/gocd.example.com.pem
      SSLCertificateKeyFile /etc/pki/tls/private/gocd.example.com.key
      SSLCertificateChainFile /etc/pki/tls/certs/gocd.example.com.pem.chained.pem
    </VirtualHost>
    

    GoCD与NGINX

    server {
      # Redirect any http requests to https
      listen         80;
      server_name    gocd.example.com;
      return 301     https://gocd.example.com$request_uri;
    }
    
    map $http_upgrade $connection_upgrade {
      default upgrade;
      '' close;
    }
    
    server {
      listen                    443 ssl;
      server_name               gocd.example.com;
    
      ssl_certificate           /etc/pki/tls/certs/gocd.example.com.chained.pem;
      ssl_certificate_key       /etc/pki/tls/private/gocd.example.com.key;
    
      # Proxy everything over to the GoCD server
      location / {
        proxy_set_header        Host            $host;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_http_version      1.1;
        proxy_set_header        Upgrade $http_upgrade;
        proxy_set_header        Connection $connection_upgrade;
        proxy_pass              http://localhost:8153/;
    
        # To be able to upload artifacts larger than default size of 1mb, ensure that you set this up to a large value.
        # setting to `0` will disable checking for body size.
        # See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
        client_max_body_size  10000m;
        
        # If you are intending to allow downloading of large artifacts (> 1GB) from GoCD you may need to adjust one of the
        # following two proxy buffering settings to prevent downloads failing for slow clients due to server idle timeouts.
        #
        # See https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering
        #
        # 1) disable the buffering of responses entirely (enabled by default on NGINX) OR
        # proxy_buffering off;
        #
        # 2) increase the max temporary file size (setting to `0` will disable the limit)
        # proxy_max_temp_file_size 2048m;
      }
    }
    

    另请参阅…