第一个里程碑:创建https证书
创建文件认证目录
mkdir /application/nginx/key/ -p
在认证目录下创建认证文件
- openssl req -new -x509 -nodes -out server.crt -keyout server.key
- Generating a 2048 bit RSA private key
- .......+++
- ......................................+++
- writing new private key to 'server.key'
- -----
- You are about to be asked to enter information that will be incorporated
- into your certificate request.
- What you are about to enter is what is called a Distinguished Name or a DN.
- There are quite a few fields but you can leave some blank
- For some fields there will be a default value,
- If you enter '.', the field will be left blank.
- -----
- Country Name (2 letter code) [XX]:CH
- State or Province Name (full name) []:bj
- Locality Name (eg, city) [Default City]:bj
- Organization Name (eg, company) [Default Company Ltd]: 回车
- Organizational Unit Name (eg, section) []: 回车
- Common Name (eg, your name or your server's hostname) []: 回车
- Email Address []: 回车
编写 nginx配置文件 (在负载均衡上配置)
- worker_processes 1;
- events {
- worker_connections 1024;
- }
- http {
- include mime.types;
- default_type application/octet-stream;
- sendfile on;
- keepalive_timeout 65;
- upstream www_pools {
- server 10.0.0.8;
- }
- upstream bbs_pools {
- server 10.0.0.7;
- }
- upstream blog_pools {
- server 10.0.0.9;
- }
- server {
- listen 443 ssl;
- listen 80;
- server_name www.etiantian.org;
- ssl_certificate /application/nginx/key/server.crt;
- ssl_certificate_key /application/nginx/key/server.key;
- ssl_session_cache shared:SSL:1m;
- ssl_session_timeout 5m;
- ssl_ciphers HIGH:!aNULL:!MD5;
- ssl_prefer_server_ciphers on;
- location / {
- proxy_pass http://www_pools;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $remote_addr;
- }
- }
- server {
- listen 80;
- server_name bbs.etiantian.org;
- location / {
- proxy_pass http://bbs_pools;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $remote_addr;
- }
- }
- server {
- listen 80;
- server_name c.etiantian.org;
- location / {
- proxy_pass http://bbs_pools;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $remote_addr;
- }
- }
- server {
- listen 80;
- server_name blog.etiantian.org;
- location / {
- proxy_pass http://blog_pools;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $remote_addr;
- }
- }
- }
测试