HTTPS access with nginx
Modify the configuration file nginx.conf
vim nginx.conf
Generate the certificate and reload nginx
[root@server2 conf]# cd /etc/pki/tls/certs/
[root@server2 certs]# make cert.pem
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -utf8 -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 ; \
cat $PEM1 > cert.pem ; \
echo "" >> cert.pem ; \
cat $PEM2 >> cert.pem ; \
rm -f $PEM1 $PEM2
Generating a 2048 bit RSA private key
.....................................................................................................+++
.......+++
writing new private key to '/tmp/openssl.DDc9Yr'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:s
Locality Name (eg, city) [Default City]:xa
Organization Name (eg, company) [Default Company Ltd]:linux
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:kk
Email Address []:
[root@server2 certs]# ls
ca-bundle.crt ca-bundle.trust.crt cert.pem make-dummy-cert Makefile renew-dummy-cert
[root@server2 certs]# ll cert.pem
-rw------- 1 root root 2974 Aug 13 05:58 cert.pem
[root@server2 certs]# mv cert.pem /usr/local/nginx/conf/
[root@server2 certs]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server2 certs]# nginx -s reload
Visit https://172.25.1.2; the access succeeds.
Limiting concurrency
Edit the configuration file
vim nginx.conf
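Here, limit_conn_zone limits the number of simultaneous connections, i.e. the concurrency limit.
limit_req_zone limits the number of requests per unit of time, i.e. the rate limit, using the "leaky bucket" algorithm.
$binary_remote_addr: the limit is applied per client IP address.
zone=one:10m: creates a 10 MB memory zone named one, which stores the request frequency information.
Define a limit_conn_zone named addr, also keyed on $binary_remote_addr, so the limit applies per client IP address.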
[root@server2 ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server2 ~]# nginx
[root@server2 ~]# mkdir /usr/local/nginx/html/download
[root@server2 ~]# cd/usr/local/nginx/html/download
-bash: cd/usr/local/nginx/html/download: No such file or directory
[root@server2 ~]# cd /usr/local/nginx/html/download
[root@server2 download]# ls
[root@server2 download]# mv /opt/demo/a.png .
[root@server2 download]# ls
a.png
[root@server2 download]#
Test from the client with 1000 requests (ab -c 10 keeps 10 of them in flight at a time):
[root@foundation8 ~]$ ab -c 10 -n 1000 http://172.25.1.2/download/a.png
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 172.25.254.2 (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Completed 1000 requests
Finished 1000 requests
Check access.log on server1.
Apart from a small number of 200 status codes, most of the responses are 503.
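Why a flood from one client ends up as a handful of 200s and mostly 503s can be seen by replaying timestamps through a simplified model of the leaky-bucket accounting behind limit_req_zone. This is an added example, not code from the original post or from nginx; rate=1r/s, burst=5 and the client addresses are assumed sample values, and the model only decides accept or reject (it does not model delaying queued requests).

```python
# Added example: simplified model of limit_req leaky-bucket accounting.
# The rate/burst values and the traffic below are constructed, not from the page.
from collections import Counter

class LimitReqZone:
    """Per-key leaky bucket, like a limit_req_zone keyed on $binary_remote_addr."""

    def __init__(self, rate_per_sec, burst=0):
        self.rate = rate_per_sec * 1000      # milli-requests drained per second
        self.burst = burst * 1000            # tolerated excess, in milli-requests
        self.state = {}                      # key -> (excess, last_ms)

    def check(self, key, now_ms):
        """Return 200 if the request fits in the bucket, else 503."""
        if key not in self.state:
            self.state[key] = (0, now_ms)    # first request from a key always passes
            return 200
        excess, last_ms = self.state[key]
        elapsed = max(0, now_ms - last_ms)
        # Drain for the elapsed time, then add this request (1000 milli-requests).
        excess = max(0, excess - self.rate * elapsed // 1000 + 1000)
        if excess > self.burst:
            return 503                       # rejected requests do not fill the bucket
        self.state[key] = (excess, now_ms)
        return 200

def replay(zone, requests):
    """requests: iterable of (client_ip, timestamp_ms). Returns a Counter of statuses."""
    return Counter(zone.check(ip, ts) for ip, ts in requests)

# Constructed traffic: one client sends 1000 requests, one every 5 ms.
BURSTY = [("192.0.2.10", i * 5) for i in range(1000)]
# Constructed traffic: a second client sends one request per second.
POLITE = [("192.0.2.11", i * 1000) for i in range(5)]

if __name__ == "__main__":
    zone = LimitReqZone(rate_per_sec=1, burst=5)
    print("bursty client:", dict(replay(zone, BURSTY)))
    print("polite client:", dict(replay(zone, POLITE)))
```

Because the state is kept per key, the second client is unaffected by the first client's rejected requests.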
Limiting bandwidth
limit_rate 50k; # limit bandwidth: at most 50k per second
[root@server2 logs]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server2 logs]# nginx -s reload
The request time in the client test is now noticeably longer.