12.17 Nginx负载均衡
1.新建配置文件 load.conf
upstream lxy
{
ip_hash;
server 180.163.26.39;
server 59.37.96.63;
}
server
{
listen 80;
server_name www.qq.com;
location /
{
proxy_pass http://lxy;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
不能解析https 443端口
12.18 ssl原理
https 数据是加密的
12.19 生产ssl密钥对
1. cd /usr/local/nginx/conf/
2. openssl genrsa -des3 -out tmp.key 2048 //生成私钥
3. openssl rsa -in tmp.key -out lxy.key //转换key 取消密码
4. rm -f tmp.key //删除key
5. openssl req -new -key lxy.key -out lxy.csr //生成证书请求文件
6. openssl x509 -req -days 365 -in lxy.csr -signkey lxy.key -out lxy.crt //生成lxy.crt公钥
12.20 Nginx配置ssl
1. vim /usr/local/nginx/conf/vhost/ssl.conf //编辑配置文件
server
{
listen 443;
server_name lxycsm.com;
index index.html index.php;
root /data/wwwroot/lxycsm;
ssl on;
ssl_certificate lxy.crt;
ssl_certificate_key lxy.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
2. ./configure --prefix=/usr/local/nginx --with-http_ssl_module //重新编译nginx 加上--with-http_ssl_module
3. /etc/init.d/nginx restart //重启服务
4.
5. 测试
curl https://lxycsm.top/
来源:oschina
链接:https://my.oschina.net/u/3803395/blog/1815672