Nginx模板自动化_nginx文件服务器模板

link管理
链接快照平台
输入网页链接，自动生成快照
标签化管理网页链接
2、kubernetes+ingress实战

1、转发kubernetes的ingress

kubernetes-cluster.conf
upstream kubernetes-cluster {
  server 192.168.82.42 weight=5;
  keepalive 16;
2、域名配置
 
ogateway-uat.xxxx.net.conf 
server {
        listen       80;
        server_name   ogateway-uat.xxxx.net;
        rewrite ^/(.*)$ https://$host/$1 permanent;
        # IP白名单
        include /usr/local/openresty/nginx/whitelist/corporation.conf;
server {
        listen       443 ssl;
        server_name   ogateway-uat.xxxx.net;
        ssl                   on;
        ssl_certificate      /usr/local/openresty/nginx/ssl/xxx.net.crt;
        ssl_certificate_key  /usr/local/openresty/nginx/ssl/xxx.net.key;
        include ssl.conf;
        # IP白名单 放开时间0920-0930
        include /usr/local/openresty/nginx/whitelist/corporation.conf;
        location / {
            proxy_pass  http://kubernetes-cluster;
        include https_proxy.conf;
3、反向代理
 
server {
        listen       80;
        server_name  customer-uat.xxxxx.com;
        # IP白名单
        include /usr/local/openresty/nginx/whitelist/corporation.conf;
        rewrite ^/(.*)$ https://$host/$1 permanent;
server {
        listen       443 ssl;
        server_name  customer-uat.xxxx.com;
        # IP白名单
        include /usr/local/openresty/nginx/whitelist/corporation.conf;
        ssl                   on;
        ssl_certificate      /usr/local/openresty/nginx/ssl/xxxx.com.crt;
        ssl_certificate_key  /usr/local/openresty/nginx/ssl/xxxxx.com.key;
        include ssl.conf;
        location / {
            proxy_pass  http://192.168.102.202;
            include proxy.conf;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-HTTPS on;
            add_header Front-End-Https on;
4、负载轮询代理
 
upstream xxxx-backend-uat {
     #server 192.168.99.147:1201;
     server 192.168.82.42;
server {
    listen 80;
    server_name inhouse-xxxx-uat.xxxx.com;
    include /usr/local/openresty/nginx/whitelist/corporation.conf;
	location / {
        proxy_pass  http://xxxx-backend-uat;
        include http_proxy.conf;
server {
    listen 443 ssl;
    server_name xxxx-backend-uat.xxxx.com;
    include /usr/local/openresty/nginx/whitelist/corporation.conf;
    ssl                   on;
    ssl_certificate      /usr/local/openresty/nginx/ssl/xxxx.com.crt;
    ssl_certificate_key  /usr/local/openresty/nginx/ssl/xxxx.com.key;
    include ssl.conf;
    location / {
        proxy_pass  http://xxxx-backend-uat;
        include http_proxy.conf;
5、自动化处理
 
add_nginx.sh 
#!/bin/bash
#日志级别 debug-1, info-2, warn-3, error-4, always-5
LOG_LEVEL=1
#日志名称
job_name=add_nginx
#脚本目录
script_dir=/opt
#日志文件
LOG_FILE=./${job_name}.log
#调试日志
function log_debug() {
	content="[DEBUG] $(date '+%Y-%m-%d %H:%M:%S') $@"
	[ $LOG_LEVEL -le 1 ] && echo $content >>$LOG_FILE && echo -e "\033[32m" ${content} "\033[0m"
#信息日志
function log_info() {
	content="[INFO] $(date '+%Y-%m-%d %H:%M:%S') $@"
	[ $LOG_LEVEL -le 2 ] && echo $content >>$LOG_FILE && echo -e "\033[32m" ${content} "\033[0m"
#警告日志
function log_warn() {
	content="[WARN] $(date '+%Y-%m-%d %H:%M:%S') $@"
	[ $LOG_LEVEL -le 3 ] && echo $content >>$LOG_FILE && echo -e "\033[33m" ${content} "\033[0m"
#错误日志
function log_err() {
	content="[ERROR] $(date '+%Y-%m-%d %H:%M:%S') $@"
	[ $LOG_LEVEL -le 4 ] && echo $content >>$LOG_FILE && echo -e "\033[31m" ${content} "\033[0m"
#一直都会打印的日志
function log_always() {
	content="[ALWAYS] $(date '+%Y-%m-%d %H:%M:%S') $@"
	[ $LOG_LEVEL -le 5 ] && echo $content >>$LOG_FILE && echo -e "\033[32m" ${content} "\033[0m"
function get_Whitelist() {
	# 提示用户输入选项
	echo "1. 使用白名单"
	echo "2. 不使用白名单"
	# 获取用户输入
	read -p "请选择要使用白名单配置：" choice_whitelist
	# 使用case语句根据用户选择设置变量
	case $choice_whitelist in
		use_whitelist=true
		use_whitelist=false
		echo "错误：请输入正确的选项" >&2
		exit 1
function set_whitelist() {
  if [ "$use_whitelist" = true ]; then
    log_info "已经设置IP白名单"
    sed -i -r 's/^(\s*)#(.*include\s*\/usr\/local\/openresty\/nginx\/whitelist\/corporation\.conf;.*)$/\1\2/g' "$conf_file"
    log_info "不使用IP白名单"
function check_nginx() {
	conf_file="/chen/company_shell/$realm_name.conf"
	# 检查Nginx配置文件
	if nginx -t >/dev/null 2>&1; then
		echo "Nginx configuration test passed."
		echo "Nginx configuration test failed. Please check your configuration file."
		exit 1
function kubernetes_nginx() {
	re_301='rewrite ^/(.*)$ https://$host/$1 permanent;'
	tld=$(echo "$realm_name" | sed -E 's/.*\.([^.]+\.[^.]+)$/\1/')
	cat >$realm_name.conf <<EOF
server {
        listen       80;
        server_name  $realm_name;
	# IP白名单
        #include /usr/local/openresty/nginx/whitelist/corporation.conf;
        $re_301
server {
        listen       443 ssl;
        server_name  $realm_name;
        ssl                   on;
        ssl_certificate      /usr/local/openresty/nginx/ssl/$tld.crt;
        ssl_certificate_key  /usr/local/openresty/nginx/ssl/$tld.key;
        include ssl.conf;
	# IP白名单
        #include /usr/local/openresty/nginx/whitelist/corporation.conf;
        location / {
           proxy_pass  http://kubernetes-cluster;
           include https_proxy.conf;
function proxy_nginx() {
	read -p "设置反向代理（列如：http://172.18.199.115）：" proxy_ip
	re_301='rewrite ^/(.*)$ https://$host/$1 permanent;'
	tld=$(echo "$realm_name" | sed -E 's/.*\.([^.]+\.[^.]+)$/\1/')
	cat >$realm_name.conf <<EOF
server {
        listen       80;
        server_name  $realm_name;
	    $re_301
	# IP白名单
        #include /usr/local/openresty/nginx/whitelist/corporation.conf;
server {
        listen       443 ssl;
        server_name  $realm_name;
	# IP白名单
        #include /usr/local/openresty/nginx/whitelist/corporation.conf;
        ssl                   on;
        ssl_certificate      /usr/local/openresty/nginx/ssl/$tld.crt;
        ssl_certificate_key  /usr/local/openresty/nginx/ssl/$tld.key;
        include ssl.conf;
        location / {
        	proxy_pass  $proxy_ip;
		include https_proxy.conf;
function upstream_nginx() {
# 定义函数：生产域名
function set_kubernetes_nginx() {
	# TODO: 在这里实现生产域名的操作
	log_info "开始配置nginx模板"
	read -p "请输您的域名:  " realm_name
	log_info "域名记录： $realm_name"
	get_Whitelist
	kubernetes_nginx
	# 输出变量值
	set_whitelist
	#配置文件校检
	check_nginx
function set_reverse_proxy_nginx() {
	# TODO: 在这里实现生产域名的操作
	log_info "开始配置nginx模板"
	read -p "请输您的域名:  " realm_name
	log_info "域名记录： $realm_name"
	get_Whitelist
	proxy_nginx
	# 输出变量值
	set_whitelist
	#配置文件校检
	check_nginx
function set_upstream_proxy_nginx() {
	# TODO: 在这里实现生产域名的操作
	log_info "开始配置nginx模板"
	read -p "请输您的域名:  " realm_name
	log_info "域名记录： $realm_name"
	get_Whitelist
	upstream_nginx
	# 输出变量值
	set_whitelist
	#配置文件校检
	check_nginx
# 定义主函数
function main() {
	# 显示菜单
	echo "请选择一个选项："
	echo "1. kubernetes接入"
	echo "2. 反向代理接入"
	echo "3. 负载均衡接入"
	# 读取用户输入
	read -p "请输您的选择:  " choice
	# 根据用户输入选择对应的操作
	case $choice in
	1) set_kubernetes_nginx ;;
	2) set_reverse_proxy_nginx ;;
	3) set_upstream_proxy_nginx ;;
	*) echo "无效的选项，请重新输入" ;;
# 调用主函数
                    在日常工作中，我们经常需要创建Nginx配置文件的模板，以便在不同的环境中快速部署和配置Nginx服务器。然而，这样的任务通常需要重复性高、耗时长，且容易出错。为了加快这些任务的完成，并提高工作效率，可以使用一些自动化工具来简化Nginx配置文件的生成和管理。其中，一种常见的方法是使用基于文本替换的模板引擎，如Jinja2、Mustache等，将Nginx配置文件中的变量替换为实际的值。
3、服务器将数据返回到自己的代理服务器
4、自己的代理服务器再将数据返回给用户
作用：正向代理隐藏了用户，用户的请求被代理服务器接收代替，到了服务器，服务器并不知道用户是谁。
1、用户发送请求到服务器（访问的其实是反向代理服务器，但用户不知道）
2、反向代理服务器发送请求到真正的服务器
3、真正的服务器将数据返回给反向代理服务器
				# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker...
[root@zabbix_server ansible]# tail -9 /etc/ansible/hosts
[LYP]
#172.28.102.130 ansible_user=root ansible_ssh_pass=Cm146688!
#172.28.102.131 ansible_user=root ansible_ssh_pass=Cm1466
				本篇博客单独摘录出来作为续篇进行实验，实验环境：https://blog.csdn.net/aaaaaab_/article/details/81750299 
在server1进行部署nginx的准备工作：
[root@server1 salt]# pwd
/srv/salt
[root@server1 salt]# ls
httpd
[root@server1 salt]# mkdir ng...