要求
部署 HTTPS,要求之前的所有站点都通过负载均衡访问
https://www.xx.com
https://upload.xx.com
https://download.xx.com
https://blog.xx.com
https://zhihu.xx.com
https://game.xx.com
环境
角色 | IP | 主机名 |
---|---|---|
web服务器 | 10.0.0.7 | web01 |
web服务器 | 10.0.0.8 | web02 |
负载均衡 | 172.16.1.5 | lb01 |
web01、web02
- 准备站点目录与文件
[root@web01 ~]# tree -L 1 /web
/web
├── download
├── h5game
├── kaoshi
├── mysqli.php
├── wordpress
├── www
└── zhihu
- 编写配置文件
vim /etc/nginx/conf.d/test.conf
# Static H5 game site served from /web/h5game.
server {
    listen      80;
    server_name game.yjs.com;

    root  /web/h5game;
    index index.html;

    # Per-site logs. Relative paths are resolved against the nginx prefix
    # directory, so that directory needs a logs/ subdirectory.
    access_log logs/h5game-access.log;
    error_log  logs/h5game-error.log;
}
# Main site served from /web/www.
server {
    listen      80;
    server_name www.yjs.com;

    root  /web/www;
    index index.html;

    # Per-site logs. Relative paths are resolved against the nginx prefix
    # directory, so that directory needs a logs/ subdirectory.
    access_log logs/www-access.log;
    error_log  logs/www-error.log;
}
# Download site: browsable file listing plus a password-protected status page.
server {
    listen      80;
    server_name download.yjs.com;

    root  /web/download;
    index index.html;

    location / {
        # Directory listing is enabled: every file below the root is visible
        # to visitors, so keep only files meant for publication there.
        autoindex            on;
        autoindex_exact_size off;   # rounded sizes (K/M/G) instead of bytes
        autoindex_localtime  on;    # file times in server local time, not UTC
    }

    location /status {
        # Connection counters; not written to the access log.
        stub_status;
        access_log off;

        # The counters are only shown after HTTP basic authentication.
        auth_basic           "access auth,input your password!";
        auth_basic_user_file /etc/nginx/auth_conf;
    }
}
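# Upload site: PHP application under /web/kaoshi, executed by PHP-FPM on
# 127.0.0.1:9000.
server {
    # Port 80, not 8080: the load balancer's upstream only targets port 80 on
    # the web servers, so a listener on 8080 is never reached through it and
    # requests for upload.yjs.com would be answered by whichever server is the
    # default on port 80.
    listen      80;
    server_name upload.yjs.com;

    root  /web/kaoshi;
    index index.php index.html;

    location ~ \.php$ {
        # Return 404 unless the requested .php file really exists, so PHP-FPM
        # never receives a path that resolves to some other file.
        try_files $uri =404;

        fastcgi_pass  127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include       fastcgi_params;
    }

    # NOTE(review): if the application stores uploaded files below the web
    # root, PHP execution should also be disabled for that directory - confirm
    # where uploads are written.
}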
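# Blog (WordPress under /web/wordpress), executed by PHP-FPM on 127.0.0.1:9000.
server {
    listen      80;
    server_name blog.yjs.com;

    root  /web/wordpress;
    # Fixed typo: the fallback index file was spelled "indx.html".
    index index.php index.html;

    location ~ \.php$ {
        # Return 404 unless the requested .php file really exists, so PHP-FPM
        # never receives a path that resolves to some other file.
        try_files $uri =404;

        fastcgi_pass  127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include       fastcgi_params;
    }

    location /status {
        # Connection counters; not written to the access log.
        stub_status;
        access_log off;

        # Without a restriction this page is readable by anyone who can reach
        # the site, including through the load balancer. Require the same
        # basic authentication the download site uses for its status page.
        auth_basic           "access auth,input your password!";
        auth_basic_user_file /etc/nginx/auth_conf;
    }
}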
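# Q&A site (PHP application under /web/zhihu), executed by PHP-FPM on
# 127.0.0.1:9000.
server {
    listen      80;
    server_name zhihu.yjs.com;

    root  /web/zhihu;
    # Fixed typo: the fallback index file was spelled "indx.html".
    index index.php index.html;

    location ~ \.php$ {
        # Return 404 unless the requested .php file really exists, so PHP-FPM
        # never receives a path that resolves to some other file.
        try_files $uri =404;

        fastcgi_pass  127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include       fastcgi_params;
    }

    location /status {
        # Connection counters; not written to the access log.
        stub_status;
        access_log off;

        # Without a restriction this page is readable by anyone who can reach
        # the site, including through the load balancer. Require the same
        # basic authentication the download site uses for its status page.
        auth_basic           "access auth,input your password!";
        auth_basic_user_file /etc/nginx/auth_conf;
    }
}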
lb01
- 编辑站点优化配置文件
vim /etc/nginx/proxy_params
# Shared proxy settings, pulled into each proxied location with
# "include proxy_params;".

# Pass the Host header on exactly as the client sent it, so the backend can
# select the matching virtual host.
proxy_set_header Host            $http_host;

# Address of the peer that connected to this proxy. The backend sees it as the
# X-Real-IP request header ($http_x_real_ip), not as X-Forwarded-For.
proxy_set_header X-Real-IP       $remote_addr;

# Appends $remote_addr to whatever X-Forwarded-For the client already sent.
# Every entry except the last one is client-supplied and can be forged, so the
# backend should only trust the entry added by this proxy.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

# Maximum time to establish a connection to the backend.
proxy_connect_timeout 30s;

# Maximum gap between two successive writes while sending the request to the
# backend.
proxy_send_timeout    60s;

# Maximum gap between two successive reads while waiting for the backend's
# response.
proxy_read_timeout    60s;

# Buffer the backend's response in the proxy instead of relaying it
# synchronously to the client.
proxy_buffering   on;

# Buffer for the first part of the backend's response (the response headers).
proxy_buffer_size 32k;

# Four buffers of 128k each, per connection, for the rest of the response.
proxy_buffers     4 128k;
- 负载均衡
vim /etc/nginx/conf.d/proxy.conf
# Backend pool: both web servers, plain HTTP on port 80.
upstream www {
    server 10.0.0.7:80;
    server 10.0.0.8:80;
}

# All six sites are proxied to the same pool with the same settings, so one
# server block with six names does the same as six identical blocks. The
# backend picks the site from the Host header that proxy_params passes on.
server {
    listen 80;
    server_name www.yjs.com
                upload.yjs.com
                download.yjs.com
                blog.yjs.com
                zhihu.yjs.com
                game.yjs.com;

    location / {
        proxy_pass http://www;
        # Shared header, timeout and buffer settings.
        include proxy_params;
    }
}
部署HTTPS
- 创建证书存放目录
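# Directory for the certificate and its private key. Only root needs access:
# nginx reads both files from its root-owned master process.
mkdir -p /etc/nginx/cert
chmod 700 /etc/nginx/cert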
- 准备申请的证书
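# Unpack the issued certificate bundle into the certificate directory.
unzip -d /etc/nginx/cert/ cert.zip
# The private key must not be readable by other local users.
chmod 600 /etc/nginx/cert/*.key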
- 编辑lb01配置文件
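# Backend pool: both web servers, plain HTTP on port 80.
# TLS ends at this load balancer; traffic to the pool is unencrypted, so the
# network between lb01 and the web servers has to be a trusted one.
upstream www {
    server 10.0.0.7:80;
    server 10.0.0.8:80;
}

# Port 80 serves no content any more: every request is sent to the HTTPS
# version of the same URL, so old http:// links keep working.
server {
    listen 80;
    server_name www.yjs.com
                upload.yjs.com
                download.yjs.com
                blog.yjs.com
                zhihu.yjs.com
                game.yjs.com;

    return 301 https://$host$request_uri;
}

# TLS termination for all six sites. They share the certificate, the TLS
# settings and the backend pool, so a single server block keeps those settings
# in one place and they cannot drift apart between sites.
server {
    listen 443 ssl;
    server_name www.yjs.com
                upload.yjs.com
                download.yjs.com
                blog.yjs.com
                zhihu.yjs.com
                game.yjs.com;

    charset utf-8,gbk;
    client_max_body_size 20M;

    # Paths are relative to the nginx configuration directory.
    # NOTE(review): the files are named for www.tfantastic.com while the sites
    # are *.yjs.com. The certificate has to list every server_name above
    # (subject alternative names or a wildcard), otherwise clients reject it.
    ssl_certificate     cert/3114201_www.tfantastic.com.pem;
    ssl_certificate_key cert/3114201_www.tfantastic.com.key;

    ssl_session_timeout 5m;

    # TLS 1.1 is deprecated and no longer accepted by current browsers; only
    # TLS 1.2 and 1.3 are offered.
    ssl_protocols TLSv1.2 TLSv1.3;

    # TLS 1.2 suites limited to ECDHE key exchange with AEAD ciphers. The
    # former list also admitted CBC-mode and non-forward-secret suites through
    # the broad "ECDH:AES:HIGH" groups.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    # NOTE(review): once HTTPS is confirmed to work for every site, consider
    # sending a Strict-Transport-Security header so browsers stop trying
    # plain HTTP first.

    location / {
        proxy_pass http://www;
        # Shared header, timeout and buffer settings.
        include proxy_params;
        # The backends only ever see plain HTTP. This header tells them the
        # client connection was HTTPS; the applications must be configured to
        # honour it for generated links and redirects to use https://.
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}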
- 图示
https://www.yjs.com/
https://upload.yjs.com/
https://download.yjs.com/
https://zhihu.yjs.com/
https://game.yjs.com/