Задать вопрос
Ответы пользователя по тегу Proxy
  • MinIO - Как настроить проксирующий сервер?

    @alterak Автор вопроса
    Вопрос решен следующим образом...
    На Server2 я немного изменил конфигурацию MinIO... Разделил API и Консоль, а так же добавил необходимые URL адреса, теперь конфигурация выглядит так
    Обновленный конфиг MinIO

    MINIO_VOLUMES="/data/minio/"
    MINIO_OPTS="--address :9000 --console-address :9001"
    MINIO_ROOT_USER=minioUser
    MINIO_ROOT_PASSWORD=minioPassword

    MINIO_SERVER_URL=https://s3.domain.ru
    MINIO_BROWSER_REDIRECT_URL=https://console-s3.domain.ru

    А так же изменил конфиг NGINX на Server1, сделал 2 секции server с разными проксирующими адресами. К тому же пришлось установить дополнительный сертификат для консоли.
    Обновленный конфиг NGINX

    server {
    server_name s3.domain.ru;
    listen 443;
    listen [::]:443;
    access_log /var/log/nginx/s3.domain.ru-access.log;
    error_log /var/log/nginx/s3.domain.ru-error.log;

    ssl_certificate /etc/letsencrypt/live/s3.domain.ru/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/s3.domain.ru/privkey.pem;

    location ^~ '/.well-known/acme-challenge' {
    default_type "text/plain";
    root /var/www/certbot;
    }

    # To allow special characters in headers
    ignore_invalid_headers off;
    # Allow any size file to be uploaded.
    # Set to a value such as 1000m; to restrict file size to a specific value
    client_max_body_size 0;
    # To disable buffering
    proxy_buffering off;
    proxy_request_buffering off;

    location / {
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_connect_timeout 300;
    # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    chunked_transfer_encoding off;

    proxy_pass 192.168.1.15:9000;
    }
    }

    server {
    server_name console-s3.domain.ru;
    listen 443;
    listen [::]:443;
    access_log /var/log/nginx/console-s3.domain.ru-access.log;
    error_log /var/log/nginx/console-s3.domain.ru-error.log;

    ssl_certificate /etc/letsencrypt/live/console-s3.domain.ru/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/console-s3.domain.ru/privkey.pem;

    location ^~ '/.well-known/acme-challenge' {
    default_type "text/plain";
    root /var/www/certbot;
    }

    # To allow special characters in headers
    ignore_invalid_headers off;
    # Allow any size file to be uploaded.
    # Set to a value such as 1000m; to restrict file size to a specific value
    client_max_body_size 0;
    # To disable buffering
    proxy_buffering off;
    proxy_request_buffering off;

    location / {
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-NginX-Proxy true;

    # This is necessary to pass the correct IP to be hashed
    real_ip_header X-Real-IP;

    proxy_connect_timeout 300;

    # To support websocket
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    chunked_transfer_encoding off;

    proxy_pass 192.168.1.15:9001;
    }
    }
    Ответ написан
    3 комментария