Nginx and configuring HTTPS

I. Rewrite pseudo-static example

1. Set up Discuz

server {
    listen 80;
    server_name discuz.linux.com;
    location / {
        root /code/discuz/upload;
        index index.php;
        rewrite ^([^\.]*)/topic-(.+)\.html$ $1/portal.php?mod=topic&topic=$2 last;
        rewrite ^([^\.]*)/article-([0-9]+)-([0-9]+)\.html$ $1/portal.php?mod=view&aid=$2&page=$3 last;
        rewrite ^([^\.]*)/forum-(\w+)-([0-9]+)\.html$ $1/forum.php?mod=forumdisplay&fid=$2&page=$3 last;
        rewrite ^([^\.]*)/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=viewthread&tid=$2&extra=page%3D$4&page=$3 last;
        rewrite ^([^\.]*)/group-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=group&fid=$2&page=$3 last;
        rewrite ^([^\.]*)/space-(username|uid)-(.+)\.html$ $1/home.php?mod=space&$2=$3 last;
        rewrite ^([^\.]*)/blog-([0-9]+)-([0-9]+)\.html$ $1/home.php?mod=space&uid=$2&do=blog&id=$3 last;
        rewrite ^([^\.]*)/(fid|tid)-([0-9]+)\.html$ $1/archiver/index.php?action=$2&value=$3 last;
        rewrite ^([^\.]*)/([a-z]+[a-z0-9_]*)-([a-z0-9_\-]+)\.html$ $1/plugin.php?id=$2:$3 last;
        if (!-e $request_filename) {
            return 404;
        }
    }
    location ~* \.php$ {
        root /code/discuz/upload;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
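The syntax is if (condition) {}     # evaluates the given condition.
If the condition is true, the rewrite directives inside the braces are executed. The if condition can be any of the following:

  a: When the expression is just a variable, an empty value or any string starting with 0 is treated as false; everything else is true.
  b: To compare a variable directly with a value, use = or !=:
  if ($http_host = mumusir.com) {
      rewrite (.*) http://www.mumusir.com;
  }
  c: Regular-expression matching: ~ is a case-sensitive match, ~* is a case-insensitive match, and !~ and !~* are the negations.

Note: a regular expression normally does not need quotes, but if it contains a closing brace "}" or a semicolon ";", the whole expression must be quoted.

Other tests:
-f and !-f test whether the requested file exists
-d and !-d test whether the requested directory exists
-e and !-e test whether the requested file or directory exists
-x and !-x test whether the requested file is executable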
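
The condition forms listed above, combined in one server block. This is an added example, not configuration from the original post; the document root, the location paths and the thread-id length limit are assumptions made for illustration.

```nginx
server {
    listen 80;
    server_name mumusir.com www.mumusir.com;
    root /code/site;                        # hypothetical document root

    # b: exact comparison with "=" (use "!=" for the inverse)
    if ($host = mumusir.com) {
        return 301 http://www.mumusir.com$request_uri;
    }

    # c: negated case-sensitive regex "!~": reject every method not listed
    if ($request_method !~ ^(GET|HEAD|POST)$) {
        return 405;
    }

    # c: the pattern contains "{" and "}", so the whole regex must be quoted
    #    (assumed rule: thread ids of 11 or more digits are never valid)
    if ($uri ~ "^/thread-[0-9]{11,}\.html$") {
        return 404;
    }

    location /static/ {
        # a: bare variable; $invalid_referer is "" for an allowed Referer
        #    and "1" otherwise, so the body runs only for disallowed ones
        valid_referers none blocked server_names;
        if ($invalid_referer) {
            return 403;
        }
    }

    location /upload/ {
        # c: case-insensitive regex "~*": never hand out scripts from here
        if ($uri ~* \.(php|phtml)$) {
            return 403;
        }
    }

    location / {
        # file test: "!-e" is true when neither a file nor a directory exists
        if (!-e $request_filename) {
            return 404;
        }
    }
}
```

Inside a location, keep the body of an if to return or rewrite as done here; other directives placed in a location-level if can behave unexpectedly.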

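2. Additional notes on rewrite rules

1) Rewrite matching priority
1. The rewrite directives in the server block are executed first
2. Then a location is selected according to the location matching rules
3. Finally the rewrite directives inside that location are executed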

server {
    listen 80;
    server_name discuz.linux.com;
    rewrite ^(.*)$ http://www.mumusir.com;
    access_log /var/log/1.log;
    location =/ {
        rewrite ^(.*)$ http://www.baidu.com;
        access_log /var/log/2.log;
    }
    location /test {
        rewrite ^(.*)$ http://www.jingdong.com;
        access_log /var/log/3.log;
    }
}

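# access_log directives are read from the outside in and take effect from the inside out;
# rewrite rules are read from the outside in and also take effect from the outside in: the first rewrite encountered takes effect immediately;
2) Global variables for rewrite
$server_name  # current domain name
$request_filename  # directory and file path including the site root
$request_uri  # directory and file path without the site root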

server {
	listen 80;
	server_name www.linux.com;
	root /code;
	return 302 https://$server_name$request_uri;
}

http://www.linux.com/test/1.txt
$server_name = www.linux.com
$request_filename = /code/test/1.txt
$request_uri = /test/1.txt

https://www.linux.com/test/1.txt

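II. HTTPS

1. Simulating website tampering

2. HTTPS certificate types

1) Choosing which certificate to buy
1. Protect a single domain   www.mumusir.com
2. Protect multiple domains   www.  test.   cdn.  image.   class.
3. Protect a wildcard domain  *.mumusir.com
2) Notes on HTTPS certificates
1. HTTPS certificates cannot be renewed; when a certificate expires, a new one has to be requested and swapped in
2. HTTPS does not support third-level domain resolution, e.g. test.m.haoda.com
3. HTTPS shown in green means every URL on the site is HTTPS
	HTTPS shown in yellow means the site's code contains insecure http links
	HTTPS shown in red means the certificate is fake or has expired.

3. Configuring HTTPS on a single server

1) Generate the certificate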
[root@web01 ~]# cd /etc/nginx/ssl_key/
[root@web01 ssl_key]# openssl genrsa -idea -out server.key 2048
[root@web01 ssl_key]# openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
[root@web01 ssl_key]# ll
total 8
-rw-r--r-- 1 root root 1375 Mar  5 15:15 server.crt
-rw-r--r-- 1 root root 1704 Mar  5 15:15 server.key
[root@web01 ssl_key]# 
2) Configure the certificate
server {
    listen 443 ssl;
    server_name s.linux.com;
    #ssl on;
    ssl_certificate /etc/nginx/ssl_key/server.crt;
    ssl_certificate_key /etc/nginx/ssl_key/server.key;

    location / {
        root /code/https;
        index index.html;
    }
}


server {
    listen 80;
    server_name s.linux.com;
    #rewrite (.*) https://$server_name$1 redirect;
    return 302 https://$server_name$request_uri;
}

III. Site-wide HTTPS

1. Environment preparation

Host    External IP   Internal IP   Role
lb01    10.0.0.4      172.16.1.4    load balancer
web01                 172.16.1.7    web server
web02                 172.16.1.8    web server

2. Configure the web servers (both)

[root@web01 conf.d]# vim s.linux.com.conf 
server {
    listen 80;
    server_name s.linux.com;

    location / {
        root /code/https;
        index index.html;
    }
}
[root@web01 conf.d]# systemctl restart nginx

# Sync the configuration file
[root@web01 conf.d]# scp s.linux.com.conf 172.16.1.8:/etc/nginx/conf.d/

# Create the site directory and files
[root@web01 conf.d]# mkdir /code/https
[root@web01 conf.d]# echo "https1111" > /code/https/index.html
[root@web02 conf.d]# mkdir /code/https
[root@web02 conf.d]# echo "https2222" > /code/https/index.html
[root@web01 conf.d]# chown -R www.www /code/https/
[root@web02 conf.d]# chown -R www.www /code/https/

3. Push/upload the certificate files

[root@web01 conf.d]# scp -r /etc/nginx/ssl_key 172.16.1.4:/etc/nginx/

4. Configure nginx on the load balancer

[root@lb01 conf.d]# vim s.linux.com.conf
upstream webserver {
    server 172.16.1.7:80;
    server 172.16.1.8:80;
}

server {
    listen 443 ssl;
    server_name s.linux.com;
    ssl_certificate /etc/nginx/ssl_key/server.crt;
    ssl_certificate_key /etc/nginx/ssl_key/server.key;

    location / {
        proxy_pass http://webserver;
        proxy_set_header host $http_host;
    }
}

server {
    listen 80;
    server_name s.linux.com;
    return 302 https://$server_name$request_uri;
}

5. Configure hosts and test access

IV. Site-wide HTTPS for the projects

1. Configure the blog nginx configuration file on the web servers

[root@web01 conf.d]# vim blog.linux.com.conf 
server {
    listen 80;
    server_name blog.linux.com;

    location / {
        root /code/wordpress;
        index index.php;
    }

    location ~* \.php$ {
        root /code/wordpress;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

[root@web01 conf.d]# scp blog.linux.com.conf 172.16.1.8:/etc/nginx/conf.d/

2. Configure the configuration file for the Zhihu-style Q&A site (WeCenter) on the web servers

[root@web01 conf.d]# vim zh.linux.com.conf 
server {
    listen 80;
    server_name zh.linux.com;

    location / {
        root /code/wecenter;
        index index.php;
    }

    location ~* \.php$ {
        root /code/wecenter;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

[root@web01 conf.d]# scp zh.linux.com.conf 172.16.1.8:/etc/nginx/conf.d/

3. Configure the load balancer

[root@lb01 conf.d]# vim proxy_https.conf
upstream web {
    server 172.16.1.7:80;
    server 172.16.1.8:80;
}

server {
    listen 443 ssl;
    server_name blog.linux.com;
    ssl_certificate /etc/nginx/ssl_key/server.crt;
    ssl_certificate_key /etc/nginx/ssl_key/server.key;

    location / {
        proxy_pass http://web;
        include proxy_params;
    }
}

server {
    listen 80;
    server_name blog.linux.com;
    return 302 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name zh.linux.com;
    ssl_certificate /etc/nginx/ssl_key/server.crt;
    ssl_certificate_key /etc/nginx/ssl_key/server.key;

    location / {
        proxy_pass http://web;
        include proxy_params;
    }
}

server {
    listen 80;
    server_name zh.linux.com;
    return 302 https://$server_name$request_uri;
}

[root@lb01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@lb01 conf.d]# systemctl restart nginx

4. Configure hosts and test access

# The page layout is broken; enable HTTPS mode when passing requests to PHP
server {
	... ...

    location ~* \.php$ {
        root /code/wecenter;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # enable HTTPS mode
        fastcgi_param HTTPS on;
        include fastcgi_params;
    }
}
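
An alternative to hard-coding HTTPS on, as an added example that is not part of the original post: the load balancer reports the scheme it actually terminated, and the web servers derive the FastCGI HTTPS parameter from that. The X-Forwarded-Proto header and the $fastcgi_https variable name are assumptions; the page does not show the contents of proxy_params, so the headers are set explicitly here.

```nginx
# ---- lb01: zh.linux.com server block in proxy_https.conf ----
server {
    listen 443 ssl;
    server_name zh.linux.com;
    ssl_certificate /etc/nginx/ssl_key/server.crt;
    ssl_certificate_key /etc/nginx/ssl_key/server.key;

    location / {
        proxy_pass http://web;
        proxy_set_header Host $http_host;
        # Always set by the proxy, so a value sent by the client is replaced.
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# ---- web01 / web02: zh.linux.com.conf ----
# map is only valid at http level; conf.d/*.conf is assumed to be included there.
map $http_x_forwarded_proto $fastcgi_https {
    default "";
    https   on;
}

server {
    listen 80;
    server_name zh.linux.com;
    root /code/wecenter;
    index index.php;

    location ~* \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # Sent to PHP only when the load balancer reported https.
        fastcgi_param HTTPS $fastcgi_https if_not_empty;
        include fastcgi_params;
    }
}
```

Because the web servers trust this header, port 80 on 172.16.1.7 and 172.16.1.8 should be reachable only from lb01.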

5. Configure phpMyAdmin on the web servers

[root@web01 conf.d]# vim phpmyadmin.conf 
server {
    listen 80;
    server_name php.linux.com;

    location / {
        root /code/phpmyadmin;
        index index.php;
    }

    location ~ \.php$ {
        root /code/phpmyadmin;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

[root@web01 conf.d]# scp phpmyadmin.conf 172.16.1.8:/etc/nginx/conf.d/

6. Configure the load balancer for phpMyAdmin

[root@lb01 conf.d]# vim phpmyadmin_proxy.conf 
upstream phpmyadmin {
    server 10.0.0.7;
    server 10.0.0.8;
}

server {
    listen 443 ssl;
    server_name php.linux.com;
    ssl_certificate /etc/nginx/ssl_key/server.crt;
    ssl_certificate_key /etc/nginx/ssl_key/server.key;

    location / {
        proxy_pass http://phpmyadmin;
        include proxy_params;
    }
}

server {
    listen 80;
    server_name php.linux.com;
    return 302 https://$server_name$request_uri;
}

[root@lb01 conf.d]# systemctl restart nginx

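V. Configuring HTTPS on Alibaba Cloud

1. Purchase a cloud host
2. Set up DNS resolution for the domain
3. Request the HTTPS certificate for the domain
4. Deploy the HTTPS certificate to the server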