422 lines
9.1 KiB
Markdown
422 lines
9.1 KiB
Markdown
# Ubuntu环境下Nginx多客户端测试指南
|
||
|
||
## 概述
|
||
|
||
本指南详细说明如何在Ubuntu环境中配置和测试Nginx反向代理多客户端功能,实现根据不同端口动态切换API配置的能力。
|
||
|
||
## 架构说明
|
||
|
||
```
|
||
客户端访问端口 Nginx代理 开发服务器
|
||
5174 (client-a) ──→ 反向代理 ──→ 172.16.0.34:5173
|
||
5175 (client-b) ──→ 反向代理 ──→ 172.16.0.34:5173
|
||
5176 (client-c) ──→ 反向代理 ──→ 172.16.0.34:5173
|
||
5177 (client-d) ──→ 反向代理 ──→ 172.16.0.34:5173
|
||
```
|
||
|
||
每个端口通过 `X-Client-ID` 头部传递客户端标识,应用根据此标识动态选择对应的API配置。
|
||
|
||
## 环境要求
|
||
|
||
### 系统要求
|
||
- Ubuntu 18.04+ 或其他Linux发行版
|
||
- Nginx 1.18+
|
||
- Node.js 18+
|
||
- 网络访问权限到 172.16.0.34:5173
|
||
|
||
### 端口要求
|
||
- 5174-5177:Nginx监听端口
|
||
- 5173:开发服务器端口(需要在172.16.0.34上运行)
|
||
|
||
## 安装和配置步骤
|
||
|
||
### 1. 安装Nginx
|
||
|
||
```bash
|
||
# 更新包管理器
|
||
sudo apt update
|
||
|
||
# 安装Nginx
|
||
sudo apt install nginx -y
|
||
|
||
# 检查Nginx版本
|
||
nginx -v
|
||
|
||
# 启动Nginx服务
|
||
sudo systemctl start nginx
|
||
sudo systemctl enable nginx
|
||
```
|
||
|
||
### 2. 配置Nginx
|
||
|
||
#### 2.1 备份原配置
|
||
```bash
|
||
# 备份默认配置
|
||
sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup
|
||
sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.backup
|
||
```
|
||
|
||
#### 2.2 创建多客户端配置
|
||
```bash
|
||
# 创建配置目录
|
||
sudo mkdir -p /etc/nginx/conf.d
|
||
|
||
# 复制优化后的配置文件
|
||
sudo cp nginx-ubuntu-optimized.conf /etc/nginx/conf.d/multi-client.conf
|
||
|
||
# 或者直接创建配置文件
|
||
sudo nano /etc/nginx/conf.d/multi-client.conf
|
||
# 然后粘贴 nginx-ubuntu-optimized.conf 的内容
|
||
```
|
||
|
||
#### 2.3 创建日志目录
|
||
```bash
|
||
# 创建客户端专用日志目录
|
||
sudo mkdir -p /var/log/nginx/clients
|
||
|
||
# 设置权限
|
||
sudo chown -R www-data:www-data /var/log/nginx/clients
|
||
sudo chmod -R 755 /var/log/nginx/clients
|
||
```
|
||
|
||
#### 2.4 修改主配置文件
|
||
```bash
|
||
# 编辑主配置文件
|
||
sudo nano /etc/nginx/nginx.conf
|
||
```
|
||
|
||
确保包含以下配置:
|
||
```nginx
|
||
http {
|
||
# 包含多客户端配置
|
||
include /etc/nginx/conf.d/*.conf;
|
||
|
||
# 日志格式(如果主配置中没有)
|
||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||
'$status $body_bytes_sent "$http_referer" '
|
||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||
|
||
# 其他配置...
|
||
}
|
||
```
|
||
|
||
### 3. 验证配置
|
||
|
||
```bash
|
||
# 测试Nginx配置语法
|
||
sudo nginx -t
|
||
|
||
# 如果配置正确,重新加载Nginx
|
||
sudo systemctl reload nginx
|
||
|
||
# 检查Nginx状态
|
||
sudo systemctl status nginx
|
||
```
|
||
|
||
### 4. 防火墙配置
|
||
|
||
```bash
|
||
# 允许Nginx端口通过防火墙
|
||
sudo ufw allow 5174
|
||
sudo ufw allow 5175
|
||
sudo ufw allow 5176
|
||
sudo ufw allow 5177
|
||
|
||
# 或者允许端口范围
|
||
sudo ufw allow 5174:5177/tcp
|
||
|
||
# 检查防火墙状态
|
||
sudo ufw status
|
||
```
|
||
|
||
## 应用配置修改
|
||
|
||
### 1. 修改api-config.ts
|
||
|
||
需要在开发环境配置中添加第四个客户端:
|
||
|
||
```typescript
|
||
const getClientConfigs = (env: string): Record<string, Partial<ApiConfig>> => {
|
||
if (env === 'development') {
|
||
return {
|
||
'client-a': {
|
||
baseUrl: 'http://172.16.0.34:5174',
|
||
uploadUrl: 'http://172.16.0.34:5174/admin/documents',
|
||
// ... oauth配置
|
||
},
|
||
'client-b': {
|
||
baseUrl: 'http://172.16.0.34:5175',
|
||
uploadUrl: 'http://172.16.0.34:5175/admin/documents',
|
||
// ... oauth配置
|
||
},
|
||
'client-c': {
|
||
baseUrl: 'http://172.16.0.34:5176',
|
||
uploadUrl: 'http://172.16.0.34:5176/admin/documents',
|
||
// ... oauth配置
|
||
},
|
||
'client-d': {
|
||
baseUrl: 'http://172.16.0.34:5177',
|
||
uploadUrl: 'http://172.16.0.34:5177/admin/documents',
|
||
// ... oauth配置
|
||
}
|
||
};
|
||
}
|
||
// ...
|
||
};
|
||
```
|
||
|
||
### 2. 添加客户端检测逻辑
|
||
|
||
在应用中添加根据请求头自动检测客户端的逻辑:
|
||
|
||
```typescript
|
||
// 在服务器端或中间件中
|
||
const detectClientFromHeaders = (request: Request): string => {
|
||
// 从Nginx传递的头部获取客户端ID
|
||
const clientId = request.headers.get('X-Client-ID');
|
||
const originalPort = request.headers.get('X-Original-Port');
|
||
|
||
if (clientId) {
|
||
return clientId;
|
||
}
|
||
|
||
// 根据端口映射客户端ID
|
||
const portToClient: Record<string, string> = {
|
||
'5174': 'client-a',
|
||
'5175': 'client-b',
|
||
'5176': 'client-c',
|
||
'5177': 'client-d'
|
||
};
|
||
|
||
return portToClient[originalPort || ''] || 'main';
|
||
};
|
||
```
|
||
|
||
## 测试步骤
|
||
|
||
### 1. 启动开发服务器
|
||
|
||
确保在172.16.0.34机器上启动开发服务器:
|
||
```bash
|
||
# 在项目目录中
|
||
npm run dev
|
||
# 或
|
||
pnpm dev
|
||
# 确保服务运行在5173端口
|
||
```
|
||
|
||
### 2. 测试Nginx代理
|
||
|
||
```bash
|
||
# 测试各个端口的健康检查
|
||
curl http://localhost:5174/health
|
||
curl http://localhost:5175/health
|
||
curl http://localhost:5176/health
|
||
curl http://localhost:5177/health
|
||
|
||
# 测试代理功能
|
||
curl -H "Accept: text/html" http://localhost:5174/
|
||
curl -H "Accept: text/html" http://localhost:5175/
|
||
```
|
||
|
||
### 3. 验证客户端标识传递
|
||
|
||
```bash
|
||
# 检查请求头传递
|
||
curl -v http://localhost:5174/api/test 2>&1 | grep "X-Client-ID"
|
||
|
||
# 查看Nginx访问日志
|
||
sudo tail -f /var/log/nginx/client-a-access.log
|
||
sudo tail -f /var/log/nginx/client-b-access.log
|
||
```
|
||
|
||
### 4. 浏览器测试
|
||
|
||
在浏览器中访问:
|
||
- http://172.16.0.34:5174 (Client A)
|
||
- http://172.16.0.34:5175 (Client B)
|
||
- http://172.16.0.34:5176 (Client C)
|
||
- http://172.16.0.34:5177 (Client D)
|
||
|
||
### 5. 环境变量测试
|
||
|
||
```bash
|
||
# 设置客户端ID环境变量测试
|
||
export CLIENT_ID=client-a
|
||
npm run dev
|
||
|
||
# 或在启动时指定
|
||
CLIENT_ID=client-b npm run dev
|
||
```
|
||
|
||
## 监控和调试
|
||
|
||
### 1. 日志监控
|
||
|
||
```bash
|
||
# 实时监控所有客户端日志
|
||
sudo tail -f /var/log/nginx/client-*-access.log
|
||
|
||
# 监控错误日志
|
||
sudo tail -f /var/log/nginx/client-*-error.log
|
||
|
||
# 监控Nginx主错误日志
|
||
sudo tail -f /var/log/nginx/error.log
|
||
```
|
||
|
||
### 2. 性能监控
|
||
|
||
```bash
|
||
# 检查Nginx进程状态
|
||
sudo systemctl status nginx
|
||
|
||
# 查看端口监听状态
|
||
sudo netstat -tlnp | grep nginx
|
||
|
||
# 检查连接数
|
||
sudo ss -tuln | grep :517
|
||
```
|
||
|
||
### 3. 调试工具
|
||
|
||
```bash
|
||
# 使用curl测试详细信息
|
||
curl -v -H "X-Test: true" http://localhost:5174/api/config
|
||
|
||
# 使用httpie(需要安装)
|
||
sudo apt install httpie
|
||
http GET localhost:5174/health X-Test:debug
|
||
```
|
||
|
||
## 故障排除
|
||
|
||
### 常见问题
|
||
|
||
1. **端口被占用**
|
||
```bash
|
||
# 检查端口占用
|
||
sudo lsof -i :5174
|
||
# 杀死占用进程
|
||
sudo kill -9 <PID>
|
||
```
|
||
|
||
2. **权限问题**
|
||
```bash
|
||
# 检查Nginx用户权限
|
||
sudo chown -R www-data:www-data /var/log/nginx/
|
||
sudo chmod -R 755 /var/log/nginx/
|
||
```
|
||
|
||
3. **配置语法错误**
|
||
```bash
|
||
# 详细检查配置
|
||
sudo nginx -t -c /etc/nginx/nginx.conf
|
||
```
|
||
|
||
4. **网络连接问题**
|
||
```bash
|
||
# 测试到开发服务器的连接
|
||
telnet 172.16.0.34 5173
|
||
# 或使用nc
|
||
nc -zv 172.16.0.34 5173
|
||
```
|
||
|
||
### 日志分析
|
||
|
||
```bash
|
||
# 分析访问模式
|
||
sudo awk '{print $1, $7, $9}' /var/log/nginx/client-a-access.log | sort | uniq -c
|
||
|
||
# 查找错误请求
|
||
sudo grep "50[0-9]" /var/log/nginx/client-*-access.log
|
||
|
||
# 统计客户端访问量
|
||
sudo grep -o 'client_id="[^"]*"' /var/log/nginx/client-*-access.log | sort | uniq -c
|
||
```
|
||
|
||
## 性能优化建议
|
||
|
||
### 1. Nginx优化
|
||
|
||
```nginx
|
||
# 在http块中添加
|
||
worker_processes auto;
|
||
worker_connections 1024;
|
||
|
||
# 启用gzip压缩
|
||
gzip on;
|
||
gzip_vary on;
|
||
gzip_min_length 1024;
|
||
gzip_types text/plain text/css application/json application/javascript;
|
||
|
||
# 缓存配置
|
||
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m max_size=10g
|
||
inactive=60m use_temp_path=off;
|
||
```
|
||
|
||
### 2. 系统优化
|
||
|
||
```bash
|
||
# 增加文件描述符限制
|
||
echo "* soft nofile 65535" | sudo tee -a /etc/security/limits.conf
|
||
echo "* hard nofile 65535" | sudo tee -a /etc/security/limits.conf
|
||
|
||
# 优化内核参数
|
||
echo "net.core.somaxconn = 65535" | sudo tee -a /etc/sysctl.conf
|
||
sudo sysctl -p
|
||
```
|
||
|
||
## 部署到生产环境
|
||
|
||
### 1. 安全加固
|
||
|
||
```nginx
|
||
# 隐藏Nginx版本
|
||
server_tokens off;
|
||
|
||
# 限制请求大小
|
||
client_max_body_size 10M;
|
||
|
||
# 添加安全头部
|
||
add_header X-Frame-Options DENY;
|
||
add_header X-Content-Type-Options nosniff;
|
||
add_header X-XSS-Protection "1; mode=block";
|
||
```
|
||
|
||
### 2. SSL配置
|
||
|
||
```nginx
|
||
# HTTPS配置示例
|
||
server {
|
||
listen 443 ssl http2;
|
||
ssl_certificate /path/to/cert.pem;
|
||
ssl_certificate_key /path/to/key.pem;
|
||
|
||
# SSL优化配置
|
||
ssl_protocols TLSv1.2 TLSv1.3;
|
||
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512;
|
||
}
|
||
```
|
||
|
||
### 3. 监控集成
|
||
|
||
```bash
|
||
# 集成Prometheus监控
|
||
sudo apt install nginx-module-prometheus
|
||
|
||
# 或使用日志分析工具
|
||
sudo apt install goaccess
|
||
goaccess /var/log/nginx/client-a-access.log -o report.html --log-format=COMBINED
|
||
```
|
||
|
||
## 总结
|
||
|
||
通过以上配置,你可以在Ubuntu环境中成功测试Nginx多客户端反向代理功能。关键点包括:
|
||
|
||
1. **客户端标识传递**:通过 `X-Client-ID` 头部
|
||
2. **端口映射**:5174-5177映射到不同客户端
|
||
3. **配置动态切换**:应用根据客户端ID选择对应配置
|
||
4. **日志分离**:每个客户端独立的访问和错误日志
|
||
5. **健康检查**:每个端口提供独立的健康检查端点
|
||
|
||
这个方案为生产环境的多客户端部署提供了完整的测试基础。 |