一.起因:
1.最近公司频繁添加nginx 虚拟主机,操作太过频繁,人工太坑,真对此需求新开发通过界面添加nginx 虚拟主机;
二.前端页面代码;
<form action="/nginx_configuer" method="get"> <div class="row"> <div class="col-md-6" style="margin-top: 10px"> <div class="form-group"> <label for="exampleFormControlSelect1">nginx应用名称</label> <select class="form-control" id="exampleFormControlSelect1"> <option>ops_nginx01</option> <option>ops_nginx02</option> </select> <br> <div class="col-xs-12"> <label for="exampleFormControlSelect1">访问域名</label> <input type="text" id="text" name="domain_name" required="required" placeholder="" class="form-control col-md-7 col-xs-12"> <br> <label for="exampleFormControlSelect1">后端ip地址</label> <input type="text" id="text02" name="backend_ip" required="required" placeholder="" class="form-control col-md-7 col-xs-12"> <br> <label for="exampleFormControlSelect1">后端服务端口</label> <input type="text" id="text03" name="backend_port" required="required" placeholder="" class="form-control col-md-7 col-xs-12"> </div> </div> </div> <div class="col-md-6" style="margin-top: 10px"> <label for="exampleFormControlSelect1">Nginx IP列表</label> <select multiple class="form-control" id="nuber01"> </select> <label for="exampleFormControlSelect1">Upstream 名称</label> <input type="text" id="text04" name="upstream_name" required="required" placeholder="" class="form-control col-md-7 col-xs-12"> </div> </div> </div> <div role="tabpanel" class="tab-pane fade" id="Test"> TEST </div> <div role="tabpanel" class="tab-pane fade" id="Ontest"> ONTEST </div> <div role="tabpanel" class="tab-pane fade" id="Cloudtest"> CLOUD </div> <div role="tabpanel" class="tab-pane fade" id="Prod"> PROD </div> </div> </div> <div class="modal-footer"> <button type="button" class="btn btn-secondary" data-dismiss="modal">取消</button> <button type="submit" class="btn btn-primary">确定</button> </div> </form>
页面效果如下;
三.flask 路由代码如下;
"""
通过页面新增nginx 虚拟主机,固定参数,域名,后端ip地址和端口以及upstream 名称;
"""
@app.route('/nginx_configuer', methods=['GET'])
def nginx_configuer():
domain_name = request.args.get('domain_name')
backend_ip = request.args.get('backend_ip')
backend_port = request.args.get('backend_port')
upstream_name = request.args.get('upstream_name')
nginx_config_instance = Nginx_configure()
result = nginx_config_instance.nginx_config_edit(domain_name,backend_ip,backend_port,upstream_name)
return Response(json.dumps(result), mimetype='application/json')四.后台处理逻辑代码如下;
# -*- coding: utf-8 -*-
import os
class Nginx_configure(object):
def nginx_config_edit(self,domain_name,backend_ip, backend_port,upstream_name):
= domain_name
self.ip = backend_ip
self.port = backend_port
self.upstream_name = upstream_name
p = os.popen("/bin/bash ./shell/nginx_set_config.sh {0} {1} {2} {3}".format(,self.ip,self.port,self.upstream_name))
reult = p.read()
return reult4.实现shell 脚本如下;
#!/bin/bash
function Edit_nginx_config(){
if [ $# == 0 ]
then
echo "no parameters nuber"
else
if [ $# == 4 ]
then
cat >/etc/nginx/conf.d/$1.conf<<EOF
upstream $4 {
server $2:$3;
}
server {
listen 80;
server_name $1;
access_log /chj/data/log/$1.log;
location / {
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS,HEAD;
proxy_pass http://$4;
}
}
EOF
echo "domain_nming add sucess"
else
echo "Insufficient parameters $#"
fi
fi
}
Edit_nginx_config $1 $2 $3 $4(5).自动生成配置文件脚本;
#!/bin/bash
module_prod() {
domain=$1
if echo $domain|grep opstest.com >/dev/null;then
upstream_name=`echo $domain | sed 's#\.opstest\.com##' | sed 's#\.#-#g'`
fi
if echo $domain|grep devops.com >/dev/null;then
upstream_name=`echo $domain | sed 's#\.devops\.com##' | sed 's#\.#-#g'`
fi
cat >/home/ops/monitor/shell/logs/module_${domain}.conf<<EOF
upstream {UPSTREAM_NAME}{
{UPSTREAM_ADDR}
}
server {
listen 80;
server_name {DOMAIN};
client_max_body_size 100000M;
charset utf-8;
rewrite ^(.*)$ https://\$host\$1 permanent;
}
server{
listen 443 ssl http2;
server_name {DOMAIN};
client_max_body_size 100000M;
ssl_certificate /app/nginx/conf/cert/opstest.com.crt;
ssl_certificate_key /app/nginx/conf/cert/opstest.com.key.pem;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
access_log /data/log/nginx/{DOMAIN}.log;
location / {
proxy_pass http://{UPSTREAM_NAME};
}
}
EOF
}
module_noprod() {
domain=$1
upstream_name=`echo $domain | sed 's#\.opstest\.com##' | sed 's#\.#-#g'`
cat >/home/ops/monitor/shell/logs/module_${domain}.conf<<EOF
upstream {UPSTREAM_NAME}{
{UPSTREAM_ADDR}
}
server {
listen 80;
server_name {DOMAIN};
charset utf-8;
access_log /data/log/nginx/{UPSTREAM_NAME}.log;
location / {
proxy_pass http://{UPSTREAM_NAME};
}
}
server{
listen 443 ssl http2;
server_name {DOMAIN};
ssl_certificate /etc/pki/CA/private/opstest.com.crt;
ssl_certificate_key /etc/pki/CA/private/opstest.com.key.pem;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
access_log /data/log/nginx/{UPSTREAM_NAME}.log;
location / {
proxy_pass http://{UPSTREAM_NAME};
}
}
EOF
}
module_ontest() {
domain=$1
upstream_name=`echo $domain | sed 's#\.opstest\.com##' | sed 's#\.#-#g'`
cat >/home/ops/monitor/shell/logs/module_${domain}.conf<<EOF
upstream {UPSTREAM_NAME}{
{UPSTREAM_ADDR}
}
server {
listen 80;
server_name {DOMAIN};
charset utf-8;
access_log /data/log/nginx/{UPSTREAM_NAME}.log;
location / {
proxy_pass http://{UPSTREAM_NAME};
}
}
server{
listen 443 ssl http2;
server_name {DOMAIN};
ssl_certificate /etc/pki/CA/private/opstest.com.crt;
ssl_certificate_key /etc/pki/CA/private/opstest.com.key.pem;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
access_log /data/log/nginx/{UPSTREAM_NAME}.log;
location / {
proxy_pass http://{UPSTREAM_NAME};
}
}
EOF
}
setIp() {
>/home/ops/monitor/shell/logs/tphost
run_env=$1
if [ "$run_env" == "test" ];then
echo -n -e "[domain-ip]\n192.168.42.111" >/home/ops/monitor/shell/logs/tphost
fi
if [ "$run_env" == "dev" ];then
echo -n -e "[domain-ip]\n192.168.43.111" >/home/ops/monitor/shell/logs/tphost
fi
if [ "$run_env" == "testone" ];then
echo -n -e "[domain-ip]\n192.168.34.111" >/home/ops/monitor/shell/logs/tphost
fi
if [ "$run_env" == "ontest" ];then
echo -n -e "[domain-ip]\n192.168.45.112" >/home/ops/monitor/shell/logs/tphost
fi
if [ "$run_env" == "prod" ];then
echo -n -e "[domain-ip]\n192.168.42.11\n192.168.42.112" >/home/ops/monitor/shell/logs/tphost
fi
}
judgeDomain() {
domain=$1
if dig @192.168.54.231 $domain +short |grep '[0-9]' >/dev/null;then
echo "$domain 已经存在"
exit
fi
}
run_env=`echo $1 |tr [A-Z] [a-z]`
domain="$2"
proxy_ip="$3"
upstream_name=`echo $domain|sed 's#\.#-#g'`
judgeDomain $domain
if [ "$run_env" == "prod" ];then
module_prod $domain
elif [ "$run_env" == "ontest" ];then
module_ontest $domain
else
module_noprod $domain
fi
setIp ${run_env}
for ip in `echo ${proxy_ip} |sed 's#\,#\n#g'`
do
upstream="$upstream server $ip max_fails=3 fail_timeout=10s;\n"
done
sed -i "s#{DOMAIN}#${domain}#" /home/ops/monitor/shell/logs/module_${domain}.conf
sed -i "s#{UPSTREAM_ADDR}#${upstream}#" /home/ops/monitor/shell/logs/module_${domain}.conf
sed -i "s#{UPSTREAM_NAME}#${upstream_name}#g" /home/ops/monitor/shell/logs/module_${domain}.conf
ansible -i /home/ops/monitor/shell/logs/tphost domain-ip -m copy -a "src=/home/ops/monitor/shell/logs/module_${domain}.conf dest=/app/nginx/conf/conf.d/${domain}.conf" --sudo
ansible -i /home/ops/monitor/shell/logs/tphost domain-ip -m shell -a "/app/nginx/sbin/nginx -t && /app/nginx/sbin/nginx -s reload" --sudo
