- リソースコストを抑えたい
- インスタンスすべてに Global IP を振りたくない
- 複数のアプリケーション/ドメインでひとつのロードバランサを使いたい
- 運用コストを抑えたい
- IP アドレスでのアクセス制限を各インスタンスでやらなくてもよくしたい
- 各インスタンスの IP アドレスを意識したくない
- ロードバランサで SSL 終端したい
Last active
January 27, 2017 03:48
-
-
Save hoto17296/37a905a4354330774f49f3fb121b52c4 to your computer and use it in GitHub Desktop.
NAT + ロードバランサ + 踏み台 サーバ
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
*nat | |
:PREROUTING ACCEPT [0:0] | |
:INPUT ACCEPT [0:0] | |
:OUTPUT ACCEPT [0:0] | |
:POSTROUTING ACCEPT [0:0] | |
-A POSTROUTING -s 10.0.0.0/16 -o eth0 -j MASQUERADE | |
COMMIT |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen 80; | |
server_name foo.example.com; | |
return 301 https://$host$request_uri; | |
} | |
server { | |
listen 443 ssl; | |
server_name foo.example.com; | |
ssl_certificate /etc/nginx/ssl/example.com.crt; | |
ssl_certificate_key /etc/nginx/ssl/example.com.key; | |
location / { | |
proxy_pass http://foo.example.internal; | |
proxy_set_header host $host; | |
proxy_set_header X-Forwarded-Port $server_port; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment