Ansible-完成nginx-proxy负载均衡部署

1.roles/nginx-proxy/tasks/main.yml

`# 自定义传输请求头信息的参数文件
echo '
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
' > /etc/nginx/proxy_params

`# 创建测试https协议密钥文件
mkdir /etc/nginx/ssl_key
cd /etc/nginx/ssl_key/
openssl req -nodes -newkey rsa:2048 -keyout server.key -out server.csr -subj "/C=/ST=/L=/O=/OU=/CN=IMSCZ"
openssl x509 -req -sha256 -days 36500 -in server.csr -signkey server.key -out server.crt

`# 创建负载均衡后端代理文件 (kod)
echo '
upstream http_kod {
server 172.16.1.7:80;
server 172.16.1.8:80;
server 172.16.1.9:80;
}
server {
    listen 443 ssl;
    server_name kod.imscz.com;
    ssl_certificate ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;
    
    charset utf8;
    location / {
        proxy_pass http://http_kod;
        include proxy_params;
    }
}
server {
    listen 80;
    server_name kod.imscz.com;
    return 302 https://$http_host$request_uri;
}
' > /etc/nginx/conf.d/kod.imscz.com


`# 创建负载均衡后端代理文件 (zh)
echo '
upstream http_zh {
server 172.16.1.7:80;
server 172.16.1.8:80;
server 172.16.1.9:80;
}
server {
        listen 443 ssl;
        server_name zh.imscz.com;
        ssl_certificate ssl_key/server.crt;
        ssl_certificate_key ssl_key/server.key;
    
        charset utf8;
    location / {
        proxy_pass http://http_zh;
        include proxy_params;
    }
}
server {
    listen 80;
    server_name zh.imscz.com;
    return 302 https://$http_host$request_uri;
}
' > /etc/nginx/conf.d/zh.imscz.com

`# 创建负载均衡后端代理文件 (zh)
echo '
upstream http_zrlog {
server 172.16.1.7:8080;
server 172.16.1.8:8080;
server 172.16.1.9:8080;
}
server {
        listen 443 ssl;
        server_name zrlog.imscz.com;
        ssl_certificate ssl_key/server.crt;
        ssl_certificate_key ssl_key/server.key;
    
        charset utf8;
    location / {
        proxy_pass http://http_zrlog;
        include proxy_params;
    }
}
server {
    listen 80;
    server_name zrlog.imscz.com;
    return 302 https://$http_host$request_uri;
}
' > /etc/nginx/conf.d/zrlog.imscz.com

- name: Create require_head proxy_params file
  copy:
    src: proxy_params
    dest: /etc/nginx/proxy_params

- name: Create ssl_key directory
  file:
    path: /etc/nginx/ssl_key
    state: directory

- name: Remote send server.crt of ssl_key
  copy:
    src: server.crt
    dest: /etc/nginx/ssl_key/server.crt

- name: Remote send server.key of ssl_key
  copy:
    src: server.key
    dest: /etc/nginx/ssl_key/server.key

- name: Create lb virtual_hosts of ( kod zh zrlog )
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  loop:
    - { src: kod.oldxu.com.conf , dest: /etc/nginx/conf.d/kod.cldxu.com.conf }
    - { src: zh.oldxu.com.conf , dest: /etc/nginx/conf.d/zh.cldxu.com.conf }
    - { src: zrlog.oldxu.com.conf , dest: /etc/nginx/conf.d/zrlog.cldxu.com.conf }

- name: Restart nginx
  systemd:
    name: nginx
    state: restarted

2.roles/nginx-proxy/files/

proxy_params
server.crt
server.key
zh.oldxu.com.conf
kod.oldxu.com.conf
zrlog.oldxu.com.conf