Nginx 配置示例

Nginx 是一款广受欢迎的 Web 和反向代理服务器。

它可用作 Looker 与最终用户之间的层,以更改网络浏览器用于访问 Looker 的端口。默认情况下,用户必须使用类似于 https://hostname.domain.com:9999 的网址。使用与本页类似的 Nginx 配置,用户无需端口号即可访问 Looker,例如 https://hostname.domain.com。这样更便于用户输入和记住,而且通常也更方便。

此处包含一个示例 nginx.conf。您需要根据自己的环境对其进行自定义。

user www-data;
worker_processes 4;
pid /var/run/nginx.pid;

events {
  worker_connections 768;
  # multi_accept on;
}

http {

  ##
  # Basic Settings
  ##

  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  keepalive_timeout 65;
  types_hash_max_size 2048;
  large_client_header_buffers 6 32k;
  client_max_body_size 100m;

  # server_names_hash_bucket_size 64;
  # server_name_in_redirect off;
  include /etc/nginx/mime.types;
  default_type application/octet-stream;

  ##
  # Logging Settings
  ##
  access_log /var/log/nginx/access.log;
  error_log /var/log/nginx/error.log debug; # change from debug to warn or error for production

  ##
  # Gzip Settings
  ##
  gzip on;
  gzip_disable "msie6";

  ##
  # Virtual Host Configs
  ##

  include /etc/nginx/conf.d/*.conf;
  include /etc/nginx/sites-enabled/*;

  server {
    listen                     443;
    ssl                        on;
    ssl_certificate            /etc/looker/ssl/certs/self-ssl.crt;
                                 # replace with your cert file
    ssl_certificate_key        /etc/looker/ssl/private/self-ssl.key;
                                 # replace with your key file
    ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers                RC4:HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;
    ssl_session_cache          shared:SSL:10m;
    ssl_session_timeout        10m;

    location / {
      proxy_pass https://looker.domain.com:9999; # Replace looker.domain.com with the name
                                                 # that clients will use to access Looker

      ### Force timeouts if one of backend hosts is dead ###
      proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

      ### Set headers ###
      proxy_set_header          X-Real-IP $remote_addr;
      proxy_set_header          Accept-Encoding "";
      proxy_set_header          Host $http_host;
      proxy_set_header          X-Forwarded-For $proxy_add_x_forwarded_for;

      ### Don't timeout waiting for long queries - timeout is 1 hr ###
      proxy_read_timeout        3600;
      proxy_set_header          X-Forwarded-Proto $scheme;

      ### By default we don't want to redirect ###
      proxy_redirect            off;

      proxy_buffer_size         128k;
      proxy_buffers             4 256k;
      proxy_busy_buffers_size   256k;
    }
  }

  server {
    listen                     19999;
    ssl                        on;
    ssl_certificate            /etc/looker/ssl/certs/self-ssl.crt;
                                 # replace with your cert file
    ssl_certificate_key        /etc/looker/ssl/private/self-ssl.key;
                                 # replace with your key file
    ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers                RC4:HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;
    ssl_session_cache          shared:SSL:10m;
    ssl_session_timeout        10m;

    location / {
      proxy_pass https://looker.domain.com:19999; # Replace looker.domain.com with the name
                                                  # that clients will use to access Looker

      ### Force timeouts if one of backend hosts is dead ###
      proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

      ### Set headers ###
      proxy_set_header          X-Real-IP $remote_addr;
      proxy_set_header          Accept-Encoding "";
      proxy_set_header          Host $http_host;
      proxy_set_header          X-Forwarded-For $proxy_add_x_forwarded_for;

      ### Don't timeout waiting for long queries - timeout is 1 hr ###
      proxy_read_timeout        3600;
      proxy_set_header          X-Forwarded-Proto $scheme;

      ### By default we don't want to redirect ###
      proxy_redirect            off;

      proxy_buffer_size         128k;
      proxy_buffers             4 256k;
      proxy_busy_buffers_size   256k;
    }
  }
}