1、服务器环境,两台服务器做前端代理,两台服务器做后端真实服务器。这里都是nginx
代理服务器 | 后端服务器 |
172.16.5.50 | 172.16.5.52 |
172.16.5.51 | 172.16.5.52 |
2、 后端两台服务器修改nginx配置文件:
cd /etc/nginx/conf.d vim www_hello80.conf ### server { listen 80; server_name www.hello80.com hello80.com; location / { root /www/test-ssl; # try_files $uri $uri/ /index.html; index index.html index.htm; } }
(以下为单机版本,可以单机测试。)
cd /etc/nginx/conf.d vim ssl-hk.conf ### server { listen 80; server_name www.hello80.com hello80.com; #rewrite ^(.*) https://$host$1 permanent; return 307 https://$server_name$request_uri; } server { listen 443 ssl; server_name www.hello80.com hello80.com; ssl_certificate /etc/nginx/ssl/www.hello80.com.pem; ssl_certificate_key /etc/nginx/ssl/www.hello80.com.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; location / { root /www/test-ssl; # try_files $uri $uri/ /index.html; index index.html index.htm; } }
单机在本机创建存放证书目录,上传证书。 集群在两台代理服务器执行这一步。172.16.5.50,172.16.5.51
mkdir /etc/nginx/ssl/
# 上传完成查看
[root@hk2 .ssh]# ll /etc/nginx/ssl/
total 8
-rw-r--r-- 1 root root 1675 Dec 23 11:45 www.hello80.com.key
-rw-r--r-- 1 root root 3826 Dec 23 11:45 www.hello80.com.pem
创建网页目录,编辑index文件
mkdir /www/test-ssl cat > /www/test-ssl/index.html << EOF > <h1> > test ssl -172.16.5.52 > </h1> > EOF
修改完成后重新加载nginx
3、修改代理层50,51
cd /etc/nginx/conf.d vim www_hello80_ssl.conf ### upstream www_hello80_servers { server 172.16.5.52 weight=100; server 172.16.5.53 weight=300; } server { listen 80; server_name www.hello80.com hello80.com; #rewrite ^(.*) https://$host$1 permanent; return 307 https://$server_name$request_uri; } server { listen 443 ssl; server_name www.hello80.com hello80.com; ssl_certificate /etc/nginx/ssl/www.hello80.com.pem; ssl_certificate_key /etc/nginx/ssl/www.hello80.com.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; location / { proxy_pass http://www_hello80_servers/; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_connect_timeout 30; proxy_send_timeout 60; proxy_read_timeout 60; proxy_buffering on; proxy_buffer_size 32k; proxy_buffers 4 128k; } }
到这一步之后,做DNS解析,或修改本地hosts文件做测试。
标签:www,hello80,server,nginx,ssl,https,初探,com From: https://www.cnblogs.com/amhk/p/17923503.html