11月29日任务
12.17 Nginx负载均衡
12.18 ssl原理
12.19 生成ssl密钥对
12.20 Nginx配置ssl
扩展
针对请求的uri来代理 http://ask.apelearn.com/question/1049
根据访问的目录来区分后端的web http://ask.apelearn.com/question/920
nginx长连接 http://www.apelearn.com/bbs/thread-6545-1-1.html
nginx算法分析 http://blog.sina.com.cn/s/blog_72995dcc01016msi.html
12.17 Nginx负载均衡
[root@martin001 ~]# yum install -y bind-utils
[root@martin001 ~]# dig www.qq.com
ANSWER SECTION:
www.qq.com. 73 IN A 59.37.96.63
www.qq.com. 73 IN A 14.17.42.40
www.qq.com. 73 IN A 14.17.32.211
[root@martin001 ~]# curl -x127.0.0.1:80 www.qq.com
This is the default site.
[root@martin001 ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@martin001 ~]# /usr/local/nginx/sbin/nginx -s reload
[root@martin001 ~]# curl -x127.0.0.1:80 www.qq.com -I
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Fri, 16 Mar 2018 14:24:38 GMT
Content-Type: text/html; charset=GB2312
Connection: keep-alive
Vary: Accept-Encoding
Vary: Accept-Encoding
Expires: Fri, 16 Mar 2018 14:25:38 GMT
Cache-Control: max-age=60
Vary: Accept-Encoding
Vary: Accept-Encoding
X-Cache: HIT from tianjin.qq.com
12.18 ssl原理
12.19 生成ssl密钥对
12.20 Nginx配置ssl
[root@martin001 conf]# cat /usr/local/nginx/conf/vhost/ssl.conf
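# HTTPS virtual host for martin.com.
server
{
    # Enable TLS on the listening socket itself. This form works on the
    # nginx 1.12.1 build used here and replaces the separate "ssl on;"
    # directive, which later nginx releases deprecate.
    listen 443 ssl;
    server_name martin.com;
    index index.html index.php;
    # NOTE(review): this docroot is test.com while the vhost serves
    # martin.com, and the test page on this page is created under
    # /data/wwwroot/martin.com - confirm which directory is intended.
    root /data/wwwroot/test.com;
    # Relative paths are resolved against the nginx conf directory. Keep the
    # private key file readable by root only.
    ssl_certificate martin.crt;
    ssl_certificate_key martin.key;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996), so only TLSv1.2 is offered.
    # TLSv1.3 can be added once nginx is 1.13.0+ and built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2;
}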
[root@martin001 conf]# cat /usr/local/nginx/conf/vhost/ssl.conf
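# HTTPS virtual host for martin.com.
server
{
    # Enable TLS on the listening socket itself. This form works on the
    # nginx 1.12.1 build used here and replaces the separate "ssl on;"
    # directive, which later nginx releases deprecate.
    listen 443 ssl;
    server_name martin.com;
    index index.html index.php;
    # NOTE(review): this docroot is test.com while the vhost serves
    # martin.com, and the test page on this page is created under
    # /data/wwwroot/martin.com - confirm which directory is intended.
    root /data/wwwroot/test.com;
    # Relative paths are resolved against the nginx conf directory. Keep the
    # private key file readable by root only.
    ssl_certificate martin.crt;
    ssl_certificate_key martin.key;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996), so only TLSv1.2 is offered.
    # TLSv1.3 can be added once nginx is 1.13.0+ and built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2;
}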
[root@martin001 conf]# /usr/local/nginx/sbin/nginx -t
（此处输出未记录；如果报 unknown directive "ssl"，说明当前 nginx 编译时没有带 http_ssl_module，需要按下面的步骤重新编译。）
[root@martin001 conf]# cd /usr/local/src/nginx-1.12.1
[root@martin001 conf]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module
[root@martin001 conf]# make
[root@martin001 conf]# make install
[root@martin001 conf]# /usr/local/nginx/sbin/nginx -t
[root@martin001 conf]# mkdir /data/wwwroot/martin.com
[root@martin001 conf]# vim /data/wwwroot/martin.com/1.php
[root@martin001 conf]# curl https://martin.com
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
（说明：这里报错是因为服务器证书不是由受信任的 CA 签发的（应为 12.19 中自己生成的证书，待确认）。验证时优先用 --cacert 指定该证书，而不是用 -k 关闭证书校验。）