配置反向代理服务器以与GoCD服务器一起使用

有时在GoCD前使用代理服务器是有用的。在本节中，我们为您提供了一些实现此目的的提示和示例。

GoCD与Apache

下面展示了一个如何将GoCD与Apache一起配置的示例。

假设：

您已安装了带有mod_proxy的Apache
Apache服务器与GoCD服务器位于同一台机器上（localhost）

Listen nnn.nnn.nnn.nnn:80
NameVirtualHost nnn.nnn.nnn.nnn:80

<VirtualHost nnn.nnn.nnn.nnn:80>
  ServerName go.yourdomain.com
  DocumentRoot /var/www/html

  <IfVersion >= 2.4>
    ProxyPass         /  ws://localhost:8153/
    ProxyPassReverse  /  ws://localhost:8153/
  </IfVersion>

  <IfVersion < 2.4>
    ProxyPass         /  http://localhost:8153/
    ProxyPassReverse  /  http://localhost:8153/
  </IfVersion>

  ProxyPreserveHost On
</VirtualHost>

如果您还使用SSL（强烈建议），可以使用以下代码片段 -

Listen nnn.nnn.nnn.nnn:80
NameVirtualHost nnn.nnn.nnn.nnn:80

<VirtualHost nnn.nnn.nnn.nnn:80>
  ServerName gocd.example.com

  # Redirect any http requests to https
  RewriteEngine On
  RewriteRule ^/(.*)$ https://%{SERVER_NAME}/$1 [R=permanent,L]
</VirtualHost>

<VirtualHost nnn.nnn.nnn.nnn:443>
  ServerName gocd.example.com

  # Proxy everything over to the GoCD server
  ProxyPass         /  http://localhost:8153/
  ProxyPassReverse  /  http://localhost:8153/
  ProxyPreserveHost On
  RequestHeader set X-Forwarded-Proto "https"

  <Location />
    Order allow,deny
    Allow from all
  </Location>

  # SSL configuration
  SSLEngine on

  SSLCertificateFile /etc/pki/tls/certs/gocd.example.com.pem
  SSLCertificateKeyFile /etc/pki/tls/private/gocd.example.com.key
  SSLCertificateChainFile /etc/pki/tls/certs/gocd.example.com.pem.chained.pem
</VirtualHost>

GoCD与NGINX

server {
  # Redirect any http requests to https
  listen         80;
  server_name    gocd.example.com;
  return 301     https://gocd.example.com$request_uri;
}

map $http_upgrade $connection_upgrade {
  default upgrade;
  '' close;
}

server {
  listen                    443 ssl;
  server_name               gocd.example.com;

  ssl_certificate           /etc/pki/tls/certs/gocd.example.com.chained.pem;
  ssl_certificate_key       /etc/pki/tls/private/gocd.example.com.key;

  # Proxy everything over to the GoCD server
  location / {
    proxy_set_header        Host            $host;
    proxy_set_header        X-Real-IP       $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;
    proxy_http_version      1.1;
    proxy_set_header        Upgrade $http_upgrade;
    proxy_set_header        Connection $connection_upgrade;
    proxy_pass              http://localhost:8153/;

    # To be able to upload artifacts larger than default size of 1mb, ensure that you set this up to a large value.
    # setting to `0` will disable checking for body size.
    # See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
    client_max_body_size  10000m;
    
    # If you are intending to allow downloading of large artifacts (> 1GB) from GoCD you may need to adjust one of the
    # following two proxy buffering settings to prevent downloads failing for slow clients due to server idle timeouts.
    #
    # See https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering
    #
    # 1) disable the buffering of responses entirely (enabled by default on NGINX) OR
    # proxy_buffering off;
    #
    # 2) increase the max temporary file size (setting to `0` will disable the limit)
    # proxy_max_temp_file_size 2048m;
  }
}

另请参阅…

配置站点 URL