zoukankan      html  css  js  c++  java
  • 创建https证书

    第一个里程碑:创建https证书

    创建文件认证目录

    mkdir /application/nginx/key/ -p

    在认证目录下创建认证文件

    1. openssl req -new -x509 -nodes -out server.crt -keyout server.key
    2.  
    3. Generating a 2048 bit RSA private key
    4. .......+++
    5. ......................................+++
    6. writing new private key to 'server.key'
    7. -----
    8. You are about to be asked to enter information that will be incorporated
    9. into your certificate request.
    10. What you are about to enter is what is called a Distinguished Name or a DN.
    11. There are quite a few fields but you can leave some blank
    12. For some fields there will be a default value,
    13. If you enter '.', the field will be left blank.
    14. -----
    15. Country Name (2 letter code) [XX]:CH
    16. State or Province Name (full name) []:bj
    17. Locality Name (eg, city) [Default City]:bj
    18. Organization Name (eg, company) [Default Company Ltd]: 回车
    19. Organizational Unit Name (eg, section) []: 回车
    20. Common Name (eg, your name or your server's hostname) []: 回车
    21. Email Address []: 回车

    编写 nginx配置文件 (在负载均衡上配置)

    1. worker_processes 1;
    2. events {
    3.     worker_connections 1024;
    4. }
    5. http {
    6.     include mime.types;
    7.     default_type application/octet-stream;
    8.     sendfile on;
    9.     keepalive_timeout 65;
    10.     upstream www_pools {
    11.       server 10.0.0.8;
    12.    }
    13.     upstream bbs_pools {
    14.       server 10.0.0.7;
    15.    }
    16.     upstream blog_pools {
    17.       server 10.0.0.9;
    18.     }
    19.     server {
    20.         listen 443 ssl;
    21.         listen 80;
    22.         server_name www.etiantian.org;
    23.         ssl_certificate /application/nginx/key/server.crt;
    24.         ssl_certificate_key /application/nginx/key/server.key;
    25.         ssl_session_cache shared:SSL:1m;
    26.         ssl_session_timeout 5m;
    27.         ssl_ciphers HIGH:!aNULL:!MD5;
    28.         ssl_prefer_server_ciphers on;
    29.         location / {
    30.             proxy_pass http://www_pools;
    31.             proxy_set_header Host $host;
    32.             proxy_set_header X-Forwarded-For $remote_addr;
    33.         }
    34.     }
    35.     server {
    36.         listen 80;
    37.             server_name bbs.etiantian.org;
    38.         location / {
    39.             proxy_pass http://bbs_pools;
    40.             proxy_set_header Host $host;
    41.             proxy_set_header X-Forwarded-For $remote_addr;
    42.         }
    43.     }
    44.         server {
    45.         listen 80;
    46.             server_name c.etiantian.org;
    47.         location / {
    48.             proxy_pass http://bbs_pools;
    49.             proxy_set_header Host $host;
    50.             proxy_set_header X-Forwarded-For $remote_addr;
    51.         }
    52.     }
    53.  
    54.     server {
    55.         listen 80;
    56.             server_name blog.etiantian.org;
    57.         location / {
    58.             proxy_pass http://blog_pools;
    59.             proxy_set_header Host $host;
    60.             proxy_set_header X-Forwarded-For $remote_addr;
    61.         }
    62.     }
    63. }

    测试

  • 相关阅读:
    Linux XZ格式的解压
    Linux eject弹出光驱
    什么是错误链接/死链接
    什么是相对地址和绝对地址
    网站被K或者降权后应该如何恢复
    网络营销怎么做才有“钱”途
    如何通过seo技术提高网站对用户的友好度
    如何利用微博客进行seo赚钱营销
    做SEO必须制定超越竞争对手网站的方案
    文章很快收录后又被删除的原因
  • 原文地址:https://www.cnblogs.com/jksbaduen/p/7816747.html
Copyright © 2011-2022 走看看