1、前言
最近在項目中用nginx做反向代理,需要動態生成nginx的配置。大概流程是用戶在頁面上新增域名、http或https協議以及端口信息,后臺會根據域名自動生成一個nginx的server配置,在nginx.conf配置文件中使用include將所有的server配置加載進來。遇到一個問題就是如何動態生成nginx的配置,以及配置更新。在此之前也接觸過配置生成及更新,當時配置的格式都是基于xml的,使用protobuf與xml結合,先采用protobuf定義好配置的數據結構,然后將protobuf轉換為xml配置文件。配置更新通過判斷配置文件的md5是否發生變化進行。而如今接觸的配置是nginx的配置,是一套自定義的配置。看了一眼nginx的配置源碼,用一個void**** conf 來表示,頓時嚇死寶寶了,膜拜作者編程技能。nginx配置代碼內存組織是相當的牛逼,通用性非常強,有興趣可以認真研究一下。我要自動生成的配置是如下所示:
upstream www_test { server 196.75.121.112:443; (動態生成) } server { listen 443 ssl; (動態生成) server_name www.test.com; (動態生成) ssl_protocols TLSv1 TLSv1.1 TLSv1.2;; ssl_certificate /home/build/openresty/nginx/cert/dealssl/www.bestenover.com.crt; (動態生成) location / { proxy_pass https://www_test; (動態生成) proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_redirect off; } }
2、實現框架
看完nginx的配置不難發現,nginx是一個典型的key value類型的,而且與文件系統的非常類似,一個目錄下面可以包含其他配置,目錄下還可以有目錄,嵌套多層。如今key value類型的數據庫非常多,redis、leveldb等,最近新秀etcd也是key-value分布式數據庫,提供類似文件系統操作,使用raft協議保持數據一致性,非常適合云計算分布式部署場景,將confd與etcd搭配,非常適合nginx這樣的配置格式。
使用etcd新建與nginx配置對應的目錄如下:
為了配合webui展示配置和后臺生成nginx配置,總體的配置流程圖如下所示:
3、生成配置
WEBUI通過API將配置寫入mysql和etcd,confd注冊監控etcd的key為/nginx/,只要發生變化就通知confd根據模板生成配置。confd默認的配置路徑為/etc/confd/,創建conf.d和template兩個目錄,分別存放配置資源和配置模板。
nginx的配置資源如下所示:test.conf.toml
[template] src = "test.conf.tmpl" dest = "/tmp/test.conf" keys = [ "/nginx", ] check_cmd = "/usr/sbin/nginx -t -c {{.src}}" reload_cmd = "/usr/sbin/service nginx reload"
nginx的配置模板如下所示:test.conf.tmpl
upstream www_{{getv "/nginx/https/www/server/server_name"}} {
{{range getvs "/nginx/https/www/upstream/*"}}server {{.}};{{end}}
}
server {
server_name {{getv "/nginx/https/www/server/server_name"}}:443;
ssl on
ssl_certificate {{getv "/nginx/https/www/server/ssl_certificate"}};
ssl_certificate_key {{getv "/nginx/https/www/server/ssl_certificate_key"}};
location / {
proxy_pass http://www_{{getv "/nginx/https/www/server/server_name"}};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
}
開啟confd,執行 ./confd -watch -backend etcd -node http://127.0.0.1:2379
使用ectdctl添加配置如下:
./etcdctl set /nginx/https/www/server/server_name test.com ./etcdctl set /nginx/https/www/server/ssl_certificate /home/waf/build/openresty/nginx/cert/client/client.crt ./etcdctl set /nginx/https/www/server/ssl_certificate_key /home/waf/build/openresty/nginx/cert/client/client.key; /etcdctl set /nginx/https/www/upstream/server1 192.168.1.2:443 ./etcdctl set /nginx/https/www/upstream/server2 192.168.4.2:443
confd的執行結果如下所示:
生成位置文件如下所示:
upstream www_test.com { server 192.168.1.2:443; server 192.168.4.2:443; } server { server_name test.com:443; ssl on ssl_certificate /home/waf/build/openresty/nginx/cert/client/client.crt; ssl_certificate_key /home/waf/build/openresty/nginx/cert/client/client.key; location / { proxy_pass http://www_test.com; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_redirect off; } }
與模板生成的保持一致。
4、參考資料
cond的github上文檔介紹
https://github.com/kelseyhightower/confd/blob/master/docs/template-resources.md
etcd與confd實現配置管理
http://www.tuicool.com/articles/eeiAve
etcd的參考:
https://github.com/coreos/etcd
文章列表
留言列表
