绿联DXP-4800 NAS用于部署网站的一些经验|violet blog

1.申请公网ip

当前只有联通办宽带是可以给公网ip了

2. 域名映射到这个公网ip

我自己是购买的腾讯云的域名服务，当时这个域名50元买10年，lucky！

可以如下图所示配置相应的域名映射和二级域名映射

3. 配置DDNS动态域名解析

使得我的域名都能绑定到这个公网ip

如下所示配置：

点击应用后如下

在此之前最好固定下nas的局域网ip，不然断电重启ip改变了会造成一些麻烦，如下操作

同时将这个ip和mac绑定下

4. 路由器开启端口映射

将nas的端口暴露到外网

如图：

这边一共开启了3个端口

22端口：用于ssh连接nas
9443端口：nas的443端口
8000端口，对应nas的第一层nginx的80端口映射的8000端口

没有单独暴露nas的80端口也是为了一定程度的安全考虑

5.配置一级nginx

主要用于二级域名映射到对应的服务资源，此处nginx是必须使用host模式部署

特别注意：

halo的服务加了client_max_body_size 配置，因为导入备份文件都是很大的，不加的话导入备份会报错413 请求体太大

# nas服务的9443
server {
	listen 8000;  # 80的外部端口
	server_name nas.carolin-violet.cn;

    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://192.168.0.100:9443/;
    }
}

# mysql
server {
    listen 8000;
    server_name mysql.carolin-violet.cn;

    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://192.168.0.100:3306;
    }
}

# redis
server {
    listen 8000;
    server_name redis.carolin-violet.cn;

    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://192.168.0.100:6380;
    }
}

# minio控制台
server {
    listen 8000;
    server_name minio.carolin-violet.cn;

	# 该站点上传限制：100M（覆盖全局配置）
    client_max_body_size 100m;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_connect_timeout 300;
  
        proxy_set_header Connection "";
        chunked_transfer_encoding off;

        # 添加了websocket支持
        # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
        proxy_http_version      1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_next_upstream     http_500 http_502 http_503 http_504 error timeout invalid_header;
        proxy_set_header        Host  $http_host;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_pass http://192.168.0.100:9001;
    }
}

# minio的api
server {
    listen 8000;
    server_name minio-api.carolin-violet.cn;

	# 该站点上传限制：100M（覆盖全局配置）
    client_max_body_size 100m;

    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://192.168.0.100:9000;
    }
}

# 用户中心前端服务
server {
    listen 8000;
    server_name user-center.carolin-violet.cn;

    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://192.168.0.100:8101;
    }
}

# 书签系统前端服务
server {
    listen 8000;
    server_name bookmark.carolin-violet.cn;

    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://192.168.0.100:8102;
    }
}

# Halo 服务
server {
    listen 8000;
    server_name halo.carolin-violet.cn;

	# 该站点上传限制：2000M（覆盖全局配置）
    client_max_body_size 2000m;

    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://192.168.0.100:8090/;
    }
}

# firefox
server {
    listen 8000;
    server_name firefox.carolin-violet.cn;

    location / {
        proxy_pass http://192.168.0.100:5800/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}