CN111294220B - Nginx-based network isolation configuration method and device - Google Patents

Nginx-based network isolation configuration method and device

Publication number
CN111294220B
Authority
CN
China
Prior art keywords: user, nginx, isolation space, file, configuration file
Legal status
Active
Application number
CN201811496543.1A
Other languages
Chinese (zh)
Other versions
CN111294220A (en)
Inventor
许加烜
Current Assignee
Wangsu Science and Technology Co Ltd
Original Assignee
Wangsu Science and Technology Co Ltd
Application filed by Wangsu Science and Technology Co Ltd
Priority to CN201811496543.1A
Publication of CN111294220A
Application granted
Publication of CN111294220B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0893 Assignment of logical groups to network elements

Abstract

The invention discloses an nginx-based network isolation configuration method and device, and belongs to the technical field of cloud computing. The method comprises the following steps: when the nginx program is initialized, setting a plurality of user-mode isolation spaces based on a user-mode protocol stack; acquiring file identifiers of a plurality of configuration files according to a configuration file directory of the nginx program; allocating device running resources to each user-mode isolation space through the file identifiers; and, for each user-mode isolation space, processing the nginx program data corresponding to that space through the space's device running resources. The invention can reduce the consumption of system resources.

Description

Network isolation configuration method and device based on nginx
Technical Field
The invention relates to the technical field of cloud computing, in particular to an nginx-based network isolation configuration method and device.
Background
In a cloud computing system, network isolation technology makes it possible to set up a separate isolation space for each of several users on a single network device; each user's data is stored in the corresponding isolation space, and services are provided to the user through that space.
The nginx program can provide high-performance reverse proxy, web and mail services. While providing these services it can achieve network isolation through methods such as LXC and Jail, but these methods cannot be applied to a user-mode protocol stack based on technologies such as DPDK. When the nginx program runs on such a user-mode protocol stack and faces a large number of different users, a plurality of nginx programs need to be started at the same time, and starting and running them simultaneously consumes a large amount of system resources. A network isolation configuration method based on nginx is therefore needed that achieves network isolation of the nginx program on a user-mode protocol stack while reducing system resource consumption.
Disclosure of Invention
To solve the problems in the prior art, embodiments of the present invention provide an nginx-based network isolation configuration method and device. The technical solution is as follows:
In a first aspect, an nginx-based network isolation configuration method is provided, the method comprising:
when the nginx program is initialized, setting a plurality of user-mode isolation spaces based on a user-mode protocol stack;
acquiring file identifiers of a plurality of configuration files according to a configuration file directory of the nginx program;
allocating device running resources to each user-mode isolation space through the file identifiers;
and, for each user-mode isolation space, processing the nginx program data corresponding to that user-mode isolation space through the device running resources of that user-mode isolation space.
Further, the obtaining the file identifiers of the multiple configuration files according to the configuration file directory of the nginx program includes:
loading a corresponding target configuration file directory in the nginx program;
traversing the target configuration file directory in the nginx program, and determining a plurality of target configuration files contained in the target configuration file directory according to the extension names of the configuration files;
and acquiring a file identifier of each target configuration file, wherein the file identifier is a file main name of the target configuration file.
Further, allocating device running resources to each user-mode isolation space through the file identifiers includes:
allocating one file identifier to each user-mode isolation space;
determining the configuration file corresponding to each user-mode isolation space according to the file identifier;
and allocating the device running resources to each user-mode isolation space according to the configuration file.
Further, after the setting of the plurality of user-state isolation spaces based on the user-state protocol stack, the method further includes:
adding a user-mode isolation space identification parameter in a socket interface creating function of the user-mode protocol stack;
and creating a nginx program socket according to the socket interface creating function, wherein the nginx program socket comprises a user-state isolation space identification parameter.
Further, for each user-state isolation space, processing nginx program data corresponding to the user-state isolation space through the device running resource of the user-state isolation space, including:
when the nginx program data to be sent exist, determining a file identifier of a target configuration file according to the generation logic of the nginx program data;
assigning a user mode isolation space identifier parameter contained in a pre-created nginx program socket according to the file identifier of the target configuration file;
and sending the nginx program data through the equipment running resource of the user-state isolation space corresponding to the user-state isolation space identification parameter value.
Further, the method further comprises:
and establishing association between the network cards and the user state isolation space, so that each network card corresponds to one user state isolation space.
Further, for each user-state isolation space, processing nginx program data corresponding to the user-state isolation space through the device running resource of the user-state isolation space, including:
when nginx program data are received from a target network card, determining a target user state isolation space corresponding to the target network card;
and processing the nginx program data based on the nginx program according to the configuration file and the equipment running resource corresponding to the target user state isolation space.
In a second aspect, an nginx-based network isolation configuration apparatus is provided, the apparatus comprising:
a setting module, configured to set a plurality of user-mode isolation spaces based on a user-mode protocol stack when the nginx program is initialized;
a file identification module, configured to acquire file identifiers of a plurality of configuration files according to the configuration file directory of the nginx program;
a resource allocation module, configured to allocate device running resources to each user-mode isolation space through the file identifiers;
and a processing module, configured to process, for each user-mode isolation space, the nginx program data corresponding to that user-mode isolation space through the device running resources of that user-mode isolation space.
Further, the file identification module is specifically configured to:
loading a corresponding target configuration file directory in the nginx program;
traversing the target configuration file directory in the nginx program, and determining a plurality of target configuration files contained in the target configuration file directory according to the extension names of the configuration files;
and acquiring a file identifier of each target configuration file, wherein the file identifier is a file main name of the target configuration file.
Further, the resource allocation module is specifically configured to:
distributing one file identifier for each user mode isolation space;
determining a configuration file corresponding to each user state isolation space according to the file identification;
and allocating the equipment operation resources for each user mode isolation space according to the configuration file.
Further, the apparatus further comprises:
a reconstruction module, configured to add a user-mode isolation space identification parameter to the socket interface creating function of the user-mode protocol stack;
and a socket creating module, configured to create an nginx program socket according to the socket interface creating function, wherein the nginx program socket comprises a user-mode isolation space identification parameter.
Further, the processing module is specifically configured to:
when the nginx program data to be sent exist, determining a file identifier of a target configuration file according to the generation logic of the nginx program data;
assigning a user mode isolation space identifier parameter contained in a pre-created nginx program socket according to the file identifier of the target configuration file;
and sending the nginx program data through the equipment running resource of the user-state isolation space corresponding to the user-state isolation space identification parameter value.
Further, the apparatus further comprises:
a binding module, configured to establish an association between network cards and the user-mode isolation spaces so that each network card corresponds to one user-mode isolation space.
Further, the processing module is specifically configured to:
when nginx program data are received from a target network card, determining a target user state isolation space corresponding to the target network card;
and processing the nginx program data based on the nginx program according to the configuration file and the equipment running resource corresponding to the target user state isolation space.
In a third aspect, a server is provided, which includes a processor and a memory, where at least one instruction, at least one program, a set of codes, or a set of instructions is stored in the memory, and the at least one instruction, the at least one program, the set of codes, or the set of instructions is loaded and executed by the processor to implement the nginx-based network isolation configuration method according to the first aspect.
In a fourth aspect, a computer-readable storage medium is provided, in which at least one instruction, at least one program, a set of codes, or a set of instructions is stored, which is loaded and executed by a processor to implement the nginx-based network isolation configuration method according to the first aspect.
The technical solution provided by the embodiments of the invention has the following beneficial effects:
In the embodiments of the invention, when the nginx program is initialized, a plurality of user-mode isolation spaces are set based on a user-mode protocol stack; file identifiers of a plurality of configuration files are acquired according to the configuration file directory of the nginx program; device running resources are allocated to each user-mode isolation space through the file identifiers; and, for each user-mode isolation space, the nginx program data corresponding to that space is processed through the space's device running resources. In this way the configuration file of the nginx program, the device running resources that the configuration file needs in order to run, and the user-mode isolation space are bound together, and the nginx server can process the nginx program data of different users through different user-mode isolation spaces without mutual interference. Network isolation of the nginx program is thereby achieved on a user-mode protocol stack, running a plurality of nginx programs at the same time is avoided, and system resource consumption is reduced.
Drawings
To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of an nginx-based network isolation configuration method according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of an nginx-based network isolation configuration apparatus according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of an nginx-based network isolation configuration apparatus according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an nginx-based network isolation configuration apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
An embodiment of the invention provides an nginx-based network isolation configuration method, which can be applied to an nginx server in a cloud computing system, where the nginx server can act as a web server, a reverse proxy server or an email proxy server to provide services in the cloud computing system. The nginx server is provided with a user-mode protocol stack based on DPDK or other technologies, and processes received nginx program data through an nginx program running on the user-mode protocol stack. The nginx server may include a processor, a memory and a transceiver: the processor may be configured to perform the network isolation configuration method in the following process, the memory may be configured to store data required and generated in the following process, and the transceiver may be configured to receive and transmit related data in the following process. The application scenario of this embodiment may be as follows: before the nginx server normally provides services, the nginx program is started and initialized; the nginx server sets a plurality of user-mode isolation spaces based on the user-mode protocol stack, then obtains the file identifiers of a plurality of configuration files from a configuration file directory specified in the nginx program, and allocates device running resources to each user-mode isolation space through the obtained file identifiers. After nginx program data is received, the nginx server can use the device running resources of a user-mode isolation space to process the nginx program data corresponding to that user-mode isolation space.
Step 101: When the nginx program is initialized, a plurality of user-mode isolation spaces are set based on a user-mode protocol stack.
In implementation, the nginx program is installed on the nginx server and can execute various business processes on the user-mode protocol stack of the nginx server, so that the nginx server can serve as a web server, a reverse proxy server or an email proxy server and provide services for users in a cloud computing system. The nginx program performs an initialization operation when it is started for the first time or restarted after a fault, and at that moment the nginx server sets a plurality of user-mode isolation spaces on the user-mode protocol stack. The specific number of user-mode isolation spaces set by the nginx server may be preset on the nginx server by an administrator, or may be automatically recorded by the nginx server according to the number of user-mode isolation spaces the nginx program used the last time it ran. If the number of user-mode isolation spaces actually required is larger than the number that was set, additional user-mode isolation spaces can be set at any time while the nginx program is running.
Step 102: Acquire file identifiers of a plurality of configuration files according to the configuration file directory of the nginx program.
In implementation, after the user-mode isolation spaces are set, the nginx server may load a configuration file directory of nginx, find a plurality of suitable configuration files in the configuration file directory, and obtain the file identifier of each of them.
The nginx program may include a plurality of file directories, and the configuration file directory may include a plurality of configuration files, so the processing in step 102 may specifically be as follows: loading the corresponding target configuration file directory in the nginx program; traversing the target configuration file directory in the nginx program, and determining a plurality of target configuration files contained in the target configuration file directory according to the extensions of the configuration files; and acquiring the file identifier of each target configuration file.
The extension of a target configuration file may be .conf, and the file identifier is the file's main name, that is, the file name of the target configuration file without its extension.
In implementation, to load the configuration file directory, the nginx program, which already loads a configuration file through "-c", may be extended with a function that loads a configuration file directory through "-d". After nginx is started, the nginx server can then load the configuration file directory corresponding to the nginx program, namely the target configuration file directory, through "-d". The nginx server traverses the target configuration file directory in the nginx program and obtains the file names of all the configuration files it contains; the nginx server may then determine the target configuration files according to the extensions of the configuration files, for example by treating the configuration files whose extension is .conf as target configuration files. The nginx server then takes the main name of each target configuration file as the file identifier of that target configuration file.
Step 103: Allocate device running resources to each user-mode isolation space through the file identifiers.
In implementation, after obtaining the file identifiers of the multiple configuration files, the nginx server may use the file identifiers to allocate, to each user-mode isolation space that has been set, the device running resources corresponding to its file identifier.
The nginx program may execute different service processes in different user-mode isolation spaces according to different configuration files, so each isolation space must have the device running resources that its configuration file needs in order to run. The processing in step 103 may therefore specifically be as follows: allocating one file identifier to each user-mode isolation space; determining the configuration file corresponding to each user-mode isolation space according to the file identifier; and allocating device running resources to each user-mode isolation space according to the configuration file.
In implementation, after obtaining the file identifiers of all target configuration files, the nginx server allocates one file identifier to each user-mode isolation space set in advance; each user-mode isolation space can be allocated only one file identifier, and each file identifier can be allocated to only one user-mode isolation space. The nginx server determines the configuration file corresponding to each user-mode isolation space according to the file identifier allocated to that space. According to the requirements of the configuration file, the nginx server allocates the corresponding device running resources to each user-mode isolation space; the device running resources of different user-mode isolation spaces are isolated from each other and do not affect each other. The device running resources may be main, http, server, location, mail and the like, and allow the nginx server to provide functions such as a static page server, reverse proxying and load balancing. The number of file identifiers acquired by the nginx server is not necessarily the same as the number of user-mode isolation spaces that were set; in that case, as described above, more user-mode isolation spaces may be set according to specific requirements so that user-mode isolation spaces and file identifiers correspond one to one.
Step 104: For each user-mode isolation space, process the nginx program data corresponding to that user-mode isolation space through the device running resources of that user-mode isolation space.
In implementation, after device running resources have been allocated to each user-mode isolation space, when nginx program data is received, the nginx server can use the device running resources of the user-mode isolation space corresponding to that nginx program data to process it.
Network isolation on the user-mode protocol stack can be realized by modifying the socket interface function, and the corresponding processing can be as follows: adding a user-mode isolation space identification parameter to the socket interface creating function of the user-mode protocol stack; and creating an nginx program socket according to the socket interface creating function.
The nginx program socket contains the user-mode isolation space identification parameter.
In implementation, after the nginx server has set a plurality of user-mode isolation spaces on the user-mode protocol stack, it may go on to add a user-mode isolation space identification parameter to the socket interface creating function of the user-mode protocol stack, and then create an nginx program socket according to that function. The created nginx program socket contains a user-mode isolation space identification parameter that is yet to be assigned. The parameter can therefore be assigned a value at any time as needed, and nginx program data is then transmitted between the user-mode isolation space and the nginx program through the nginx program socket according to the value of the parameter.
Through the created nginx program socket, the nginx server may specify which user-mode isolation space is responsible for transmitting nginx program data, and accordingly the processing of step 104 may be as follows: when there is nginx program data to be sent, determining the file identifier of the target configuration file according to the generation logic of the nginx program data; assigning a value to the user-mode isolation space identification parameter contained in a pre-created nginx program socket according to the file identifier of the target configuration file; and sending the nginx program data through the device running resources of the user-mode isolation space corresponding to the user-mode isolation space identification parameter value.
In implementation, when the nginx program generates nginx program data to be sent while running, the nginx server may first determine the generation logic of the nginx program data, and then determine the file identifier of the target configuration file to which that generation logic belongs. The nginx server then uses the file identifier of the target configuration file to assign a value to the user-mode isolation space identification parameter in the pre-created nginx program socket, obtaining a user-mode isolation space identification parameter value. The nginx server can thus determine the user-mode isolation space corresponding to that parameter value, and then send the nginx program data through the device running resources of that user-mode isolation space.
After the nginx server sets a plurality of user-mode isolation spaces based on the user-mode protocol stack, the user-mode isolation spaces can be associated with the local network cards of the nginx server, so that nginx program data received by the nginx server can be sent directly to a user-mode isolation space to wait for processing. The corresponding processing can be as follows: establishing an association between the network cards and the user-mode isolation spaces, so that each network card corresponds to one user-mode isolation space.
In implementation, after the plurality of user-mode isolation spaces are set, the nginx server can also associate its local network cards with the user-mode isolation spaces, each network card corresponding to one user-mode isolation space, so that data received through a network card can be sent directly to the user-mode isolation space associated with that network card, and the user-mode isolation space can also send data outward through the network card. The local network card of the nginx server associated with a user-mode isolation space may be a physical network card or a virtual network card.
Based on the above binding of network cards to user-mode isolation spaces, received nginx program data may be processed through the user-mode isolation space corresponding to the network card, and correspondingly the processing in step 104 may be as follows: when nginx program data is received from a target network card, determining the target user-mode isolation space corresponding to the target network card; and processing the nginx program data based on the nginx program according to the configuration file and the device running resources corresponding to the target user-mode isolation space.
In implementation, after device running resources have been allocated to each user-mode isolation space, when nginx program data is received, the nginx server may, as described above, use the network card that received the nginx program data (the target network card, for example) to determine the target user-mode isolation space corresponding to that network card. The nginx server can then process the nginx program data based on the nginx program, using the device running resources allocated to that user-mode isolation space, according to the configuration file corresponding to the target user-mode isolation space.
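The following C sketch is an added example, not code from the patent or from nginx: it models steps 102 to 104 with in-memory tables in place of the DPDK-based user-mode protocol stack. All names (`iso_table`, `iso_sock`, `conf_stem` and so on) and the sample file names are assumptions, and the rule that a socket may transmit only through a network card bound to its own isolation space is one reading of the isolation the description aims for.

```c
/* Added illustration of steps 102-104; every name is hypothetical. */
#include <stdio.h>
#include <string.h>

#define MAX_SPACES 8
#define MAX_NICS   4
#define ID_LEN     64

struct iso_table {
    char id[MAX_SPACES][ID_LEN]; /* file identifier owned by each isolation space */
    int  count;                  /* isolation spaces currently set up */
    int  nic_space[MAX_NICS];    /* network card -> isolation space, -1 = unbound */
};

struct iso_sock { int space; };  /* isolation space identification parameter */

/* Step 102: a target configuration file is "<main name>.conf". */
static int conf_stem(const char *name, char *out, size_t n)
{
    static const char ext[] = ".conf";
    size_t len = strlen(name), el = sizeof ext - 1;
    if (len <= el || len - el >= n || strchr(name, '/') != NULL ||
        strcmp(name + len - el, ext) != 0)
        return 0;  /* empty main name, too long, a path, or wrong extension */
    memcpy(out, name, len - el);
    out[len - el] = '\0';
    return 1;
}

static int iso_find(const struct iso_table *t, const char *id)
{
    for (int i = 0; i < t->count; i++)
        if (strcmp(t->id[i], id) == 0)
            return i;
    return -1;
}

/* Step 103: one identifier per space, one space per identifier. */
static int iso_assign(struct iso_table *t, const char *const *names, int n)
{
    char stem[ID_LEN];
    t->count = 0;
    for (int i = 0; i < MAX_NICS; i++)
        t->nic_space[i] = -1;
    for (int i = 0; i < n; i++) {
        if (!conf_stem(names[i], stem, sizeof stem) || iso_find(t, stem) >= 0)
            continue;            /* not a target file, or identifier already taken */
        if (t->count == MAX_SPACES)
            return -1;           /* table full: fail rather than share a space */
        strcpy(t->id[t->count++], stem);
    }
    return t->count;
}

/* Each network card corresponds to exactly one isolation space. */
static int iso_bind_nic(struct iso_table *t, int nic, const char *id)
{
    int s = iso_find(t, id);
    if (s < 0 || nic < 0 || nic >= MAX_NICS || t->nic_space[nic] != -1)
        return -1;               /* unknown space, bad card, or card already bound */
    t->nic_space[nic] = s;
    return s;
}

/* Receive path: the network card alone decides which space handles the data. */
static int iso_rx_space(const struct iso_table *t, int nic)
{
    return (nic < 0 || nic >= MAX_NICS) ? -1 : t->nic_space[nic];
}

/* Send path: assign the socket's parameter from the file identifier ... */
static int iso_sock_assign(const struct iso_table *t, struct iso_sock *s, const char *id)
{
    s->space = iso_find(t, id);
    return s->space;
}

/* ... and transmit only through a network card bound to that same space. */
static int iso_tx_allowed(const struct iso_table *t, const struct iso_sock *s, int nic)
{
    return s->space >= 0 && iso_rx_space(t, nic) == s->space;
}

int main(void)
{
    /* Constructed directory listing, standing in for the "-d" directory. */
    const char *names[] = { "tenant_a.conf", "tenant_b.conf", "notes.txt",
                            ".conf", "tenant_a.conf.bak" };
    struct iso_table t;
    struct iso_sock s = { -1 };  /* created with the parameter still unassigned */
    printf("spaces: %d\n", iso_assign(&t, names, 5));
    iso_bind_nic(&t, 0, "tenant_a");
    iso_bind_nic(&t, 1, "tenant_b");
    iso_sock_assign(&t, &s, "tenant_a");
    printf("tenant_a via nic0: %d, via nic1: %d\n",
           iso_tx_allowed(&t, &s, 0), iso_tx_allowed(&t, &s, 1));
    return 0;
}
```

An unknown file identifier leaves the socket's parameter at -1, so `iso_tx_allowed` refuses every network card instead of falling back to a default space.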
In the embodiments of the invention, when the nginx program is initialized, a plurality of user-mode isolation spaces are set based on a user-mode protocol stack; file identifiers of a plurality of configuration files are acquired according to the configuration file directory of the nginx program; device running resources are allocated to each user-mode isolation space through the file identifiers; and, for each user-mode isolation space, the nginx program data corresponding to that space is processed through the space's device running resources. In this way the configuration file of the nginx program, the device running resources that the configuration file needs in order to run, and the user-mode isolation space are bound together, and the nginx server can process the nginx program data of different users through different user-mode isolation spaces without mutual interference. Network isolation of the nginx program is thereby achieved on a user-mode protocol stack, running a plurality of nginx programs at the same time is avoided, and system resource consumption is reduced.
Based on the same technical concept, an embodiment of the present invention further provides an nginx-based network isolation configuration apparatus. As shown in Fig. 2, the apparatus includes:
A setting module 201, configured to set a plurality of user-mode isolation spaces based on a user-mode protocol stack when the nginx program is initialized.
A file identification module 202, configured to obtain file identifiers of a plurality of configuration files according to the configuration file directory of the nginx program.
A resource allocation module 203, configured to allocate device running resources to each user-mode isolation space through the file identifiers.
A processing module 204, configured to process, for each user-mode isolation space, the nginx program data corresponding to that user-mode isolation space through the device running resources of that user-mode isolation space.
Optionally, the file identification module 202 is specifically configured to:
loading a corresponding target configuration file directory in the nginx program;
traversing the target configuration file directory in the nginx program, and determining a plurality of target configuration files contained in the target configuration file directory according to the extension names of the configuration files;
and acquiring a file identifier of each target configuration file, wherein the file identifier is a file main name of the target configuration file.
Optionally, the resource allocation module 203 is specifically configured to:
distributing one file identifier for each user mode isolation space;
determining a configuration file corresponding to each user mode isolation space according to the file identification;
and allocating the equipment operation resources for each user mode isolation space according to the configuration file.
Optionally, as shown in Fig. 3, the apparatus further includes:
A modification module 205, configured to add a user-mode isolation space identification parameter to the socket interface creating function of the user-mode protocol stack.
A create socket module 206, configured to create an nginx program socket according to the socket interface creating function, where the nginx program socket includes a user-mode isolation space identification parameter.
Optionally, the processing module 204 is specifically configured to:
when the nginx program data to be sent exist, determining a file identifier of a target configuration file according to the generation logic of the nginx program data;
assigning a value to a user-mode isolation space identification parameter contained in a pre-created nginx program socket according to the file identification of the target configuration file;
and sending the nginx program data through the equipment running resource of the user-state isolation space corresponding to the user-state isolation space identification parameter value.
Optionally, as shown in fig. 4, the apparatus further includes:
and a binding module 207, configured to associate a network card with the user-state isolation space, so that each network card corresponds to one user-state isolation space.
Optionally, the processing module 204 is specifically configured to:
when nginx program data are received from a target network card, determining a target user state isolation space corresponding to the target network card;
and processing the nginx program data based on the nginx program according to the configuration file and the equipment running resource corresponding to the target user state isolation space.
It should be noted that the division into functional modules described above is only an example of how the nginx-based network isolation configuration apparatus of the foregoing embodiment may be implemented. In practical applications, the functions may be assigned to different functional modules as needed; that is, the internal structure of the apparatus may be divided into different functional modules to complete all or part of the functions described above. In addition, the apparatus embodiment and the nginx-based network isolation configuration method embodiment belong to the same concept; the specific implementation process is described in the method embodiment and is not repeated here.
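The bindings described for modules 202, 203, 204 and 207 can be modelled as a small lookup table; the following is an added sketch, not code from the patent or from nginx. All function names, the `.conf` extension, the file names and the NIC names are assumptions made for the example, as are the choices to reject a duplicate identifier or NIC and to return -1 for an unknown key so that unmapped traffic selects no isolation space.

```c
#include <stdio.h>
#include <string.h>
enum { MAX_SPACES = 8, ID_LEN = 32 };

/* One user-mode isolation space, bound to one file identifier and one NIC. */
struct iso_space { char file_id[ID_LEN]; char nic[ID_LEN]; };
static struct iso_space spaces[MAX_SPACES];
static int n_spaces;

/* File identifier = main name of a file with the expected extension; -1 if not a target file. */
int file_id_from_name(const char *name, const char *ext, char *out, size_t outlen)
{
    size_t n = strlen(name), e = strlen(ext);
    if (n <= e || strcmp(name + n - e, ext) != 0) return -1; /* wrong ext or empty main name */
    if (n - e >= outlen) return -1;                          /* identifier would not fit */
    memcpy(out, name, n - e);
    out[n - e] = '\0';
    return 0;
}

/* Look up a space by file identifier (by_nic == 0) or by NIC (by_nic == 1). */
static int find(const char *key, int by_nic)
{
    for (int i = 0; i < n_spaces; i++)
        if (!strcmp(by_nic ? spaces[i].nic : spaces[i].file_id, key)) return i;
    return -1; /* unknown key: no isolation space is selected */
}
int space_for_file_id(const char *id) { return find(id, 0); }  /* send path */
int space_for_nic(const char *nic)    { return find(nic, 1); } /* receive path */

/* Bind one identifier and one NIC to a new space. Assumption of this sketch:
 * duplicates are rejected so that the mapping stays one-to-one. */
int bind_space(const char *file_id, const char *nic)
{
    if (n_spaces == MAX_SPACES || strlen(file_id) >= ID_LEN || strlen(nic) >= ID_LEN ||
        find(file_id, 0) >= 0 || find(nic, 1) >= 0) return -1;
    strcpy(spaces[n_spaces].file_id, file_id);
    strcpy(spaces[n_spaces].nic, nic);
    return n_spaces++;
}

/* Constructed directory listing and NIC names; returns the number of spaces bound. */
int setup_demo(void)
{
    const char *names[] = { "tenant_a.conf", "README.txt", "tenant_b.conf", ".conf" };
    const char *nics[]  = { "eth0", "eth1" };
    char id[ID_LEN];
    n_spaces = 0;
    for (size_t i = 0; i < sizeof names / sizeof *names; i++)
        if (n_spaces < 2 /* NICs available */ && file_id_from_name(names[i], ".conf", id, sizeof id) == 0)
            bind_space(id, nics[n_spaces]);
    return n_spaces;
}

int main(void)
{
    printf("spaces=%d\n", setup_demo());
    printf("eth1 -> %d, eth9 -> %d\n", space_for_nic("eth1"), space_for_nic("eth9"));
    return 0;
}
```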
Based on the same technical concept, an embodiment of the present invention further provides a server, where the server includes a processor and a memory, where the memory stores at least one instruction, at least one program, a code set, or a set of instructions, and the at least one instruction, the at least one program, the code set, or the set of instructions is loaded and executed by the processor to implement the above nginx-based network isolation configuration method.
Based on the same technical concept, an embodiment of the present invention further provides a computer-readable storage medium, where at least one instruction, at least one program, a code set, or a set of instructions is stored in the storage medium, and the at least one instruction, the at least one program, the code set, or the set of instructions is loaded and executed by a processor to implement the nginx-based network isolation configuration method described above.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (16)

1. The network isolation configuration method based on nginx is characterized by comprising the following steps:
when the nginx program is initialized, a plurality of user state isolation spaces are set based on a user state protocol stack;
acquiring file identifications of a plurality of configuration files according to a configuration file directory of the nginx program;
allocating equipment operating resources for each user-mode isolation space through the file identifier;
and aiming at each user state isolation space, processing nginx program data corresponding to the user state isolation space through equipment operation resources of the user state isolation space.
2. The method according to claim 1, wherein said obtaining file identifiers of said plurality of configuration files according to a configuration file directory of said nginx program comprises:
loading a corresponding target configuration file directory in the nginx program;
traversing the target configuration file directory in the nginx program, and determining a plurality of target configuration files contained in the target configuration file directory according to the extension names of the configuration files;
and acquiring a file identifier of each target configuration file, wherein the file identifier is a file main name of the target configuration file.
3. The method of claim 1, wherein the allocating device operating resources for each user-mode isolation space via the file identification comprises:
distributing one file identifier for each user mode isolation space;
determining a configuration file corresponding to each user mode isolation space according to the file identification;
and allocating the equipment operation resources to each user mode isolation space according to the configuration file.
4. The method of claim 1, wherein after setting a plurality of user-state isolation spaces based on a user-state protocol stack, further comprising:
adding a user-mode isolation space identification parameter in a socket interface creating function of the user-mode protocol stack;
and creating a nginx program socket according to the socket interface creating function, wherein the nginx program socket comprises a user state isolation space identification parameter.
5. The method according to claim 4, wherein for each user-state isolation space, processing nginx program data corresponding to the user-state isolation space by a device running resource of the user-state isolation space includes:
when the nginx program data to be sent exist, determining a file identifier of a target configuration file according to the generation logic of the nginx program data;
assigning a value to a user-mode isolation space identification parameter contained in a pre-created nginx program socket according to the file identification of the target configuration file;
and sending the nginx program data through the equipment running resource of the user-state isolation space corresponding to the user-state isolation space identification parameter value.
6. The method of claim 1, further comprising:
and establishing association between the network cards and the user state isolation space, so that each network card corresponds to one user state isolation space.
7. The method according to claim 6, wherein for each user-state isolation space, processing nginx program data corresponding to the user-state isolation space by a device running resource of the user-state isolation space includes:
when nginx program data are received from a target network card, determining a target user state isolation space corresponding to the target network card;
and processing the nginx program data based on the nginx program according to the configuration file and the equipment running resource corresponding to the target user state isolation space.
8. An nginx-based network isolation configuration apparatus, the apparatus comprising:
the setting module is used for setting a plurality of user state isolation spaces based on a user state protocol stack when the nginx program is initialized;
the file identification module is used for acquiring file identifications of a plurality of configuration files according to the configuration file directory of the nginx program;
the resource allocation module is used for allocating the running resources of the equipment for each user-state isolation space through the file identification;
and the processing module is used for processing nginx program data corresponding to the user state isolation space through the equipment operation resources of the user state isolation space aiming at each user state isolation space.
9. The apparatus of claim 8, wherein the file identification module is specifically configured to:
loading a corresponding target configuration file directory in the nginx program;
traversing the target configuration file directory in the nginx program, and determining a plurality of target configuration files contained in the target configuration file directory according to the extension names of the configuration files;
and acquiring a file identifier of each target configuration file, wherein the file identifier is a file main name of the target configuration file.
10. The apparatus of claim 8, wherein the resource allocation module is specifically configured to:
distributing one file identifier for each user mode isolation space;
determining a configuration file corresponding to each user mode isolation space according to the file identification;
and allocating the equipment operation resources for each user mode isolation space according to the configuration file.
11. The apparatus of claim 8, further comprising:
the reconstruction module is used for adding user state isolation space identification parameters in a socket interface creating function of the user state protocol stack;
and the socket creating module is used for creating a nginx program socket according to the socket creating interface function, wherein the nginx program socket comprises a user-state isolation space identification parameter.
12. The apparatus of claim 11, wherein the processing module is specifically configured to:
when the nginx program data to be sent exist, determining a file identifier of a target configuration file according to the generation logic of the nginx program data;
assigning a value to a user-mode isolation space identification parameter contained in a pre-created nginx program socket according to the file identification of the target configuration file;
and sending the nginx program data through the equipment running resource of the user-state isolation space corresponding to the user-state isolation space identification parameter value.
13. The apparatus of claim 8, further comprising:
and the binding module is used for establishing association between the network cards and the user state isolation space so that each network card corresponds to one user state isolation space.
14. The apparatus of claim 13, wherein the processing module is specifically configured to:
when nginx program data are received from a target network card, determining a target user state isolation space corresponding to the target network card;
and processing the nginx program data based on the nginx program according to the configuration file and the equipment running resource corresponding to the target user state isolation space.
15. A server, characterized in that the server comprises a processor and a memory, wherein the memory has stored therein at least one instruction, at least one program, a set of codes, or a set of instructions, which is loaded and executed by the processor to implement the nginx-based network isolation configuration method according to any one of claims 1 to 7.
16. A computer readable storage medium having stored therein at least one instruction, at least one program, a set of codes, or a set of instructions, which is loaded and executed by a processor to implement the nginx-based network isolation configuration method as claimed in any one of claims 1 to 7.
CN201811496543.1A 2018-12-07 2018-12-07 Nginx-based network isolation configuration method and device Active CN111294220B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811496543.1A CN111294220B (en) 2018-12-07 2018-12-07 Nginx-based network isolation configuration method and device


Publications (2)

Publication Number Publication Date
CN111294220A CN111294220A (en) 2020-06-16
CN111294220B true CN111294220B (en) 2022-06-21

Family

ID=71022055



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant