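Table of contents
- 1. Configure the nginx config file for the blog on the web servers
- 2. Configure the config file for Zhihu (WeCenter) on the web servers
- 3. Configure the load balancer
- 4. Configure hosts and test access
- 5. Configure phpMyAdmin on the web servers
- 6. Configure the load balancer for phpMyAdmin
I. Rewrite pseudo-static example
1. Setting up Discuz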
server {
listen 80;
server_name discuz.linux.com;
location / {
root /code/discuz/upload;
index index.php;
rewrite ^([^\.]*)/topic-(.+)\.html$ $1/portal.php?mod=topic&topic=$2 last;
rewrite ^([^\.]*)/article-([0-9]+)-([0-9]+)\.html$ $1/portal.php?mod=view&aid=$2&page=$3 last;
rewrite ^([^\.]*)/forum-(\w+)-([0-9]+)\.html$ $1/forum.php?mod=forumdisplay&fid=$2&page=$3 last;
rewrite ^([^\.]*)/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=viewthread&tid=$2&extra=page%3D$4&page=$3 last;
rewrite ^([^\.]*)/group-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=group&fid=$2&page=$3 last;
rewrite ^([^\.]*)/space-(username|uid)-(.+)\.html$ $1/home.php?mod=space&$2=$3 last;
rewrite ^([^\.]*)/blog-([0-9]+)-([0-9]+)\.html$ $1/home.php?mod=space&uid=$2&do=blog&id=$3 last;
rewrite ^([^\.]*)/(fid|tid)-([0-9]+)\.html$ $1/archiver/index.php?action=$2&value=$3 last;
rewrite ^([^\.]*)/([a-z]+[a-z0-9_]*)-([a-z0-9_\-]+)\.html$ $1/plugin.php?id=$2:$3 last;
if (!-e $request_filename) {
return 404;
}
}
location ~* \.php$ {
root /code/discuz/upload;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
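The syntax is if (condition) {…}, which evaluates the given condition.
If it is true, the rewrite directives inside the braces are executed. The if condition can be any of the following:
a: When the expression is just a variable, an empty value or any string beginning with 0 is treated as false; anything else is true.
b: To compare a variable directly with a value, use = or !=
if ($http_host = mumusir.com) {
rewrite (.*) http://www.mumusir.com;
}
c: Regular-expression matching: ~ is a case-sensitive match, ~* is a case-insensitive match, and !~ and !~* are the negations.
Note: a regular expression normally does not need quotes, but if it contains a closing brace "}" or a semicolon ";", the whole regular expression must be quoted.
Other operators:
-f and !-f test whether the requested file exists
-d and !-d test whether the requested directory exists
-e and !-e test whether the requested file or directory exists
-x and !-x test whether the requested file is executable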
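The condition forms listed above, collected into one server block as an added example that is not part of the original article. The names example.test and www.example.test, the root /code/example, the debug query argument and the /files/ path are placeholders.

```nginx
server {
    listen 80;
    server_name example.test www.example.test;   # placeholder names
    root /code/example;                          # placeholder path
    index index.html;

    # (a) bare variable: true when the "debug" query argument has a true value.
    if ($arg_debug) {
        return 403;
    }

    # (b) "=" comparison: send the bare domain to the www host.
    # $host (unlike $http_host) is lower-cased and never contains a port.
    if ($host = example.test) {
        return 301 http://www.example.test$request_uri;
    }

    # (c) "!~" negated, case-sensitive regex: allow only GET, HEAD and POST.
    if ($request_method !~ ^(GET|HEAD|POST)$) {
        return 405;
    }

    # (c) "~*" case-insensitive regex. The pattern contains "{" and "}",
    # so the whole expression has to be quoted.
    if ($uri ~* "^/files/[0-9]{4}/.*\.(bak|sql)$") {
        return 404;
    }

    location / {
        # File test, as in the Discuz block: 404 when neither a file nor a
        # directory exists at the mapped path. "try_files $uri $uri/ =404;"
        # expresses the same check without "if".
        if (!-e $request_filename) {
            return 404;
        }
    }
}
```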
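2. More on rewrite rules
1) Rewrite matching priority
1. Rewrites in the server block are executed first
2. A location is then selected according to the location matching order
3. Finally, the rewrites inside that location are executed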
server {
listen 80;
server_name discuz.linux.com;
rewrite ^(.*)$ http://www.mumusir.com;
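access_log /var/log/1.log;
location =/ {
rewrite ^(.*)$ http://www.baidu.com;
access_log /var/log/2.log;
}
location /test {
rewrite ^(.*)$ http://www.jingdong.com;
access_log /var/log/3.log;
}
}
# Log files: read from the outside in, but they take effect from the inside out;
# rewrite rules: read from the outside in and also take effect from the outside in; the first rewrite encountered takes effect immediately;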
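An added example (not from the original article) that makes the three-step order visible with internal rewrites, and shows the difference between the last and break flags. The server name order.example.test and all paths are placeholders.

```nginx
server {
    listen 80;
    server_name order.example.test;      # placeholder name
    root /code/order;                    # placeholder path

    # Step 1: the server-level rewrite runs before any location is chosen.
    # /old/a.html becomes /new/a.html internally; no redirect is sent,
    # because the replacement does not start with http:// or https://.
    rewrite ^/old/(.*)$ /new/$1;

    # Step 2: the location is selected using the rewritten URI.
    location /new/ {
        # Step 3: rewrites inside the selected location run last.
        # "last" restarts the location search with the new URI, so
        # /new/a.html is handed over to "location /final/".
        rewrite ^/new/(.*)$ /final/$1 last;
    }

    location /final/ {
        # "break" stops rewrite processing and stays in this location;
        # the file served is /code/order/static/a.html.
        rewrite ^/final/(.*)$ /static/$1 break;
    }

    location /static/ {
        # Not reached by the requests rewritten above (because of "break");
        # only a direct request for /static/... ends up here.
        return 403;
    }

    location = /external {
        # A replacement that starts with a scheme ends processing at once
        # and answers with a 302. This is why the server-level rewrite in
        # the article's example keeps both of its locations from being used.
        rewrite ^ https://www.example.test/;
    }
}
```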
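2) Global variables used with rewrite
$server_name # the current domain name
$request_filename # the requested directory and file, including the site root
$request_uri # the requested directory and file, without the site root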
server {
listen 80;
server_name www.linux.com;
root /code;
return 302 https://$server_name$request_uri;
}
http://www.linux.com/test/1.txt
$server_name = www.linux.com
$request_filename = /code/test/1.txt
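$request_uri = /test/1.txt
II. HTTPS
1. Simulating a tampered website
2. HTTPS certificate types
1) Choosing which certificate to buy
1. Protects a single domain: www.mumusir.com
2. Protects multiple domains: www. test. cdn. image. class.
3. Protects a wildcard domain: *.mumusir.com
2) Notes on HTTPS certificates
1. HTTPS certificates cannot be renewed; when a certificate expires you have to apply for a new one and replace the old one
2. HTTPS certificates do not support third-level subdomains, e.g. test.m.haoda.com
3. A green HTTPS indicator means every URL on the site is HTTPS
A yellow HTTPS indicator means the site's code contains insecure http links
A red HTTPS indicator means the certificate is fake or has expired.
3. Configuring HTTPS on a single server
1) Generating the certificate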
[root@web01 ~]# cd /etc/nginx/ssl_key/
[root@web01 ssl_key]# openssl genrsa -idea -out server.key 2048
[root@web01 ssl_key]# openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
[root@web01 ssl_key]# ll
total 8
-rw-r--r-- 1 root root 1375 Mar 5 15:15 server.crt
-rw-r--r-- 1 root root 1704 Mar 5 15:15 server.key
[root@web01 ssl_key]#
2) Configuring the certificate
server {
listen 443 ssl;
server_name s.linux.com;
#ssl on;
ssl_certificate /etc/nginx/ssl_key/server.crt;
ssl_certificate_key /etc/nginx/ssl_key/server.key;
location / {
root /code/https;
index index.html;
}
}
server {
listen 80;
server_name s.linux.com;
#rewrite (.*) https://$server_name$1 redirect;
return 302 https://$server_name$request_uri;
}
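A tightened variant of the two server blocks above, as an added example rather than the article's own configuration. The protocol list (which assumes an nginx and OpenSSL build with TLSv1.3 support), the session settings and the HSTS lifetime are assumed values to adjust for the site.

```nginx
server {
    listen 443 ssl;
    server_name s.linux.com;

    ssl_certificate     /etc/nginx/ssl_key/server.crt;
    # The listing above shows server.key with mode -rw-r--r--. The nginx
    # master process reads the key as root, so the file can be restricted
    # to root only (for example mode 600).
    ssl_certificate_key /etc/nginx/ssl_key/server.key;

    # Without this line the accepted protocol versions are whatever the
    # installed nginx version defaults to.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Session reuse via a shared cache; tickets are switched off.
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 1h;
    ssl_session_tickets off;

    # Ask browsers to use HTTPS only for this host for one year (assumed
    # lifetime). Browsers honour the header only when the certificate
    # validates, so it has no effect with the self-signed certificate.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        root /code/https;
        index index.html;
    }
}

server {
    listen 80;
    server_name s.linux.com;
    # The target is built from $server_name, a value fixed in this file,
    # so the Host header of the request cannot change where the redirect
    # points. 301 marks the move as permanent; the article's 302 is the
    # temporary form and is easier to undo while testing.
    return 301 https://$server_name$request_uri;
}
```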
III. Site-wide HTTPS
1. Environment preparation
Host | External IP | Internal IP | Role |
lb01 | 10.0.0.4 | 172.16.1.4 | load balancer |
web01 | | 172.16.1.7 | web server |
web02 | | 172.16.1.8 | web server |
2. Configure the web servers (both)
[root@web01 conf.d]# vim s.linux.com.conf
server {
listen 80;
server_name s.linux.com;
location / {
root /code/https;
index index.html;
}
}
[root@web01 conf.d]# systemctl restart nginx
# Sync the configuration file
[root@web01 conf.d]# scp s.linux.com.conf 172.16.1.8:/etc/nginx/conf.d/
# Create the site directory and files
[root@web01 conf.d]# mkdir /code/https
[root@web01 conf.d]# echo "https1111" > /code/https/index.html
[root@web02 conf.d]# mkdir /code/https
[root@web02 conf.d]# echo "https2222" > /code/https/index.html
[root@web01 conf.d]# chown -R www.www /code/https/
[root@web02 conf.d]# chown -R www.www /code/https/
3. Push/upload the certificate files
[root@web01 conf.d]# scp -r /etc/nginx/ssl_key 172.16.1.4:/etc/nginx/
4. Configure nginx on the load balancer
[root@lb01 conf.d]# vim s.linux.com.conf
upstream webserver {
server 172.16.1.7:80;
server 172.16.1.8:80;
}
server {
listen 443 ssl;
server_name s.linux.com;
ssl_certificate /etc/nginx/ssl_key/server.crt;
ssl_certificate_key /etc/nginx/ssl_key/server.key;
location / {
proxy_pass http://webserver;
proxy_set_header host $http_host;
}
}
server {
listen 80;
server_name s.linux.com;
return 302 https://$server_name$request_uri;
}
5. Configure hosts and test access
IV. Site-wide HTTPS for the projects
1. Configure the nginx config file for the blog on the web servers
[root@web01 conf.d]# vim blog.linux.com.conf
server {
listen 80;
server_name blog.linux.com;
location / {
root /code/wordpress;
index index.php;
}
location ~* \.php$ {
root /code/wordpress;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
[root@web01 conf.d]# scp blog.linux.com.conf 172.16.1.8:/etc/nginx/conf.d/
2. Configure the config file for Zhihu (WeCenter) on the web servers
[root@web01 conf.d]# vim zh.linux.com.conf
server {
listen 80;
server_name zh.linux.com;
location / {
root /code/wecenter;
index index.php;
}
location ~* \.php$ {
root /code/wecenter;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
[root@web01 conf.d]# scp zh.linux.com.conf 172.16.1.8:/etc/nginx/conf.d/
3. Configure the load balancer
[root@lb01 conf.d]# vim proxy_https.conf
upstream web {
server 172.16.1.7:80;
server 172.16.1.8:80;
}
server {
listen 443 ssl;
server_name blog.linux.com;
ssl_certificate /etc/nginx/ssl_key/server.crt;
ssl_certificate_key /etc/nginx/ssl_key/server.key;
location / {
proxy_pass http://web;
include proxy_params;
}
}
server {
listen 80;
server_name blog.linux.com;
return 302 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name zh.linux.com;
ssl_certificate /etc/nginx/ssl_key/server.crt;
ssl_certificate_key /etc/nginx/ssl_key/server.key;
location / {
proxy_pass http://web;
include proxy_params;
}
}
server {
listen 80;
server_name zh.linux.com;
return 302 https://$server_name$request_uri;
}
[root@lb01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@lb01 conf.d]# systemctl restart nginx
4. Configure hosts and test access
# If the page layout is broken, enable HTTPS mode when passing requests to PHP
server {
... ...
location ~* \.php$ {
root /code/wecenter;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# enable HTTPS mode
fastcgi_param HTTPS on;
include fastcgi_params;
}
}
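An added example (not the article's configuration) that derives the HTTPS flag from what the load balancer reports instead of hard-coding it. The variable name $fastcgi_https is made up for the example, the proxy headers are written out because the article does not show the contents of proxy_params, and conf.d is assumed to be included from the http block.

```nginx
# ---- lb01: inside the "listen 443 ssl" server for zh.linux.com ----
location / {
    proxy_pass http://web;
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    # Always set here, so a value supplied by the client is overwritten
    # before the request reaches the web servers.
    proxy_set_header X-Forwarded-Proto $scheme;
}

# ---- web01 / web02: zh.linux.com.conf ----
# "map" lives in the http context, outside any server block.
map $http_x_forwarded_proto $fastcgi_https {
    default "";
    https   on;
}

server {
    listen 80;
    server_name zh.linux.com;

    # Port 80 on the web servers is meant for lb01 only (172.16.1.4 in the
    # environment table). A request from anywhere else could carry its
    # own X-Forwarded-Proto header, so it is refused.
    allow 172.16.1.4;
    deny  all;

    location / {
        root /code/wecenter;
        index index.php;
    }

    location ~* \.php$ {
        root /code/wecenter;
        fastcgi_pass 127.0.0.1:9000;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # Passed to PHP only when lb01 reported https; an empty value is
        # skipped because of if_not_empty.
        fastcgi_param HTTPS $fastcgi_https if_not_empty;
    }
}
```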
5. Configure phpMyAdmin on the web servers
[root@web01 conf.d]# vim phpmyadmin.conf
server {
listen 80;
server_name php.linux.com;
location / {
root /code/phpmyadmin;
index index.php;
}
location ~ \.php$ {
root /code/phpmyadmin;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
[root@web01 conf.d]# scp phpmyadmin.conf 172.16.1.8:/etc/nginx/conf.d/
6. Configure the load balancer for phpMyAdmin
[root@lb01 conf.d]# vim phpmyadmin_proxy.conf
upstream phpmyadmin {
server 10.0.0.7;
server 10.0.0.8;
}
server {
listen 443 ssl;
server_name php.linux.com;
ssl_certificate /etc/nginx/ssl_key/server.crt;
ssl_certificate_key /etc/nginx/ssl_key/server.key;
location / {
proxy_pass http://phpmyadmin;
include proxy_params;
}
}
server {
listen 80;
server_name php.linux.com;
return 302 https://$server_name$request_uri;
}
[root@lb01 conf.d]# systemctl restart nginx
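V. Configuring HTTPS on Alibaba Cloud
1. Purchase a cloud host
2. Set up DNS resolution for the domain
3. Apply for the HTTPS certificate for the domain
4. Deploy the HTTPS certificate to the server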