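Requirement scenario
A customer on the company intranet wants to access OSS. This can be done through a proxy by building the following network architecture.
Simulating the lab environment with Docker
Lab materials to prepare:
1) Build a container intranet, internal-net
2) Create the containers internal-serverA and internal-serverB on that intranet to simulate servers A and B (proxy) in the architecture diagram above
3) Prepare a resource URL in a public-read OSS bucket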
http://<your-bucket-name>.oss-cn-hangzhou.aliyuncs.com/1.pdf
1. Create the private network internal-net
# docker network create --subnet=172.18.0.0/16 internal-net
2. Start two CentOS containers with Docker to build the lab environment:
# docker run -id --network internal-net --ip 172.18.0.101 --name internal-serverA centos:centos7 /bin/bash
# docker run -id -p 20021:20021 --network internal-net --ip 172.18.0.102 --name internal-serverB centos:centos7 /bin/bash
Note: a container can be started with a specified IP only on a user-created network.
3. List the created containers
$ docker ps
CONTAINER ID   IMAGE            COMMAND       CREATED         STATUS         PORTS                      NAMES
b619ba980be3   centos:centos7   "/bin/bash"   3 minutes ago   Up 3 minutes   0.0.0.0:20021->20021/tcp   internal-serverB
0f649236191e   centos:centos7   "/bin/bash"   3 minutes ago   Up 3 minutes                              internal-serverA
4. Enter the container and configure the reverse proxy
Enter the container internal-serverB:
$ docker exec -it b619ba980be3 /bin/bash
# yum -y install wget pcre-devel zlib-devel gcc gcc-c++ make openssl openssl-devel
# cd /opt
# wget http://nginx.org/download/nginx-1.22.0.tar.gz
# tar -zxvf nginx-1.22.0.tar.gz
# useradd -M -s /sbin/nologin nginx
# cd nginx-1.22.0/
# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module
# make && make install
# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
# vi /usr/local/nginx/conf/nginx.conf
Configure the reverse proxy server block:
server {
    listen 20021;
    server_name 172.18.0.102;
    location / {
        proxy_pass http://<your-bucket-name>.oss-cn-hangzhou.aliyuncs.com;
    }
}
Start nginx:
# nginx
5. Enter the container internal-serverA and verify the proxy
# docker exec -it 0f649236191e /bin/bash
Verify:
# curl -vo 1 'http://172.18.0.102:20021/1.pdf'
Result:
* About to connect() to 172.18.0.102 port 20021 (#0)
*   Trying 172.18.0.102...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connected to 172.18.0.102 (172.18.0.102) port 20021 (#0)
> GET /1.pdf HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 172.18.0.102:20021
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx/1.22.0
< Date: Sun, 23 Oct 2022 02:43:02 GMT
< Content-Type: application/pdf
< Content-Length: 414779
< Connection: keep-alive
< x-oss-request-id: 6354AA367CF8423935D54257
< Accept-Ranges: bytes
< ETag: "462728323210DF31D6301F53395324AA-5"
< Last-Modified: Wed, 19 Oct 2022 01:37:22 GMT
< x-oss-object-type: Multipart
< x-oss-hash-crc64ecma: 1266571743596954436
< x-oss-storage-class: Standard
< x-oss-expiration: expiry-date="Thu, 20 Oct 2022 00:00:00 GMT", rule-id="9ba4a019-c7d1-4b07-b417-483a55f41a7f"
< x-oss-version-id: CAEQbhiBgMDk1Ma3nxgiIGVkMDUxNzE2YWI2YjRjYzViYjliOTA2ODFhZjdkZWJl
< x-oss-server-time: 96
<
{ [data not shown]
100  405k  100  405k    0     0   949k      0 --:--:-- --:--:-- --:--:--  950k
* Connection #0 to host 172.18.0.102 left intact
The proxy experiment succeeded.
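A hardened variant of the server block from step 4, added here as an example and not part of the original configuration. It assumes internal-serverA (172.18.0.101) is the only permitted client, that the OSS endpoint is reached over HTTPS, and that the CentOS 7 CA bundle is at its default path; replace the allow rule with your real intranet client ranges.

```nginx
# Added example: hardened version of the lab's reverse proxy server block.
server {
    listen 20021;
    server_name 172.18.0.102;

    # Send "Server: nginx" without the version seen in the curl output above.
    server_tokens off;

    # Assumption: only internal-serverA may use the proxy. The container port
    # is also published on the host (-p 20021:20021), so without an ACL any
    # host that can reach the Docker host can read the bucket through it.
    allow 172.18.0.101;
    deny all;

    location / {
        # Read-only proxy: permit GET (and implicitly HEAD), refuse the rest.
        limit_except GET {
            deny all;
        }

        # Assumption: HTTPS to OSS, so object data does not cross the
        # internet in cleartext, with the upstream certificate verified.
        proxy_pass https://<your-bucket-name>.oss-cn-hangzhou.aliyuncs.com;
        proxy_set_header Host <your-bucket-name>.oss-cn-hangzhou.aliyuncs.com;
        proxy_ssl_server_name on;
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 3;
        # Assumption: default CA bundle location on CentOS 7.
        proxy_ssl_trusted_certificate /etc/pki/tls/certs/ca-bundle.crt;

        # Drop backend metadata that intranet clients do not need.
        proxy_hide_header x-oss-version-id;
        proxy_hide_header x-oss-expiration;
        proxy_hide_header x-oss-storage-class;
        proxy_hide_header x-oss-server-time;
    }
}
```

Run nginx -t to check the syntax before applying the change with nginx -s reload.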