摘要:
位置/{proxy_set_headerHost$http_host;server_nametest.imcati.com;}ssl_certificate/etc/nginx/ssl/test.imcati.com.crt;ssl证书密钥/etc/nginx/ssl/test.imcati.com.key;ssl_会话超时5m;
前提:由于国内访问首尔地区经常出现不稳定情况,现将请求从nginx(sz)转发到nginx(hk)再转发到首尔地区,在基于不改变nginx(seoul)的配置的前提下,引入aws的延迟策略,同时保证国内
解析出现问题时,迅速将解析切至首尔的nginx。
实现:基于aws route53 配置延迟故障切换策略
nginx(sz)配置:
server {
listen 80;
listen 443 ssl;
server_name test.imcati.com;
if ( $server_port = 80 ) {
return 301 https://$server_name$request_uri;}
ssl_certificate /etc/nginx/ssl/test.imcati.com.crt;
ssl_certificate_key /etc/nginx/ssl/test.imcati.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log access_log_json;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://xx.xx.xx.xx; #nginx(hk) ip addr
}
}nginx(hk)配置:
server {
listen 80;
listen 443 ssl;
server_name test.imcati.com;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://xx.xx.xx.xx; nginx(seoul) ip addr
}
}
nginx(seoul)配置:
server {
listen 80;
listen 443 ssl;
server_name test.imcati.com;
if ( $server_port = 80 ) {
return 301 https://$server_name$request_uri;}
ssl_certificate /etc/nginx/ssl/test.imcati.com.crt;
ssl_certificate_key /etc/nginx/ssl/test.imcati.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log access_log_json;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://xx.xx.xx.xx; # backend server addr
}
}aws dns策略配置参考图:
操作步骤如下:
创建健康检查-->配置两条A记录基于延迟策略-->配置两条Alias别名到之前的A记录
创建健康检查:
创建两条A记录,解析到sz的记录配置健康检查
示例
sz的记录:test-cn.imcati.com
seoul的记录:test-kr.imcati.com
sz的ip解析ttl时间调至60s,便于dns切换快速完成。
创建域名别名到A记录:
可以通过修改健康检查,测试ip解析地址是否进行切换。
参考链接:https://docs.aws.amazon.com/zh_cn/Route53/latest/DeveloperGuide/dns-failover-complex-configs.html