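Linux Study Notes, Week 12, Lesson 5 (April 27)
When a proxy server proxies multiple web servers, that is load balancing. The dig command shows the IP addresses a domain name resolves to; install it with #yum install -y bind-utils
For example: #dig qq.com
vim /usr/local/nginx/conf/vhost/load.conf //write the following content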
-------------------------------------------------------------------------
upstream qq
{
    ip_hash;    # keeps the same user on the same backend IP
    server 61.135.157.156:80;
    server 125.39.240.113:80;
}
server
{
    listen 80;
    server_name www.qq.com;
    location /
    {
        proxy_pass http://qq;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
-------------------------------------------------------------------------
curl -x127.0.0.1:80 www.qq.com //before the reload, this normally returns the default page
/usr/local/nginx/sbin/nginx -t
/usr/local/nginx/sbin/nginx -s reload
curl -x127.0.0.1:80 www.qq.com
nginx does not support proxying https websites
12.18 SSL principles
12.19 Generating an SSL key pair
cd /usr/local/nginx/conf
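openssl genrsa -des3 -out tmp.key 2048 //the key file is the private key
openssl rsa -in tmp.key -out aminglinux.key //convert the key to remove the passphrase
rm -f tmp.key
openssl req -new -key aminglinux.key -out aminglinux.csr //generate the certificate request file; it is used together with the private key to produce the public key file
openssl x509 -req -days 365 -in aminglinux.csr -signkey aminglinux.key -out aminglinux.crt //aminglinux.crt here is the public key (the self-signed certificate)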
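A check that can be run on files produced this way before nginx is pointed at them, as an added example that is not part of the original notes: it confirms that the certificate and key belong together, that the passphrase-less key is readable only by its owner, and that the certificate is not about to expire. The example.* file names, the CN and the 30-day threshold are assumptions; the script works in a temporary directory and assumes GNU stat.

```shell
#!/bin/sh
# Added example, not from the original notes. The example.* names and the CN
# are constructed sample values; all files go to a temporary directory.

# Generate a passphrase-less RSA key, a CSR and a self-signed cert in dir $1.
make_pair() {
    dir=$1
    # The key has no passphrase, so create it readable by the owner only.
    ( umask 077; openssl genrsa -out "$dir/example.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$dir/example.key" -subj "/CN=example.test" \
        -out "$dir/example.csr" 2>/dev/null || return 1
    openssl x509 -req -days 365 -in "$dir/example.csr" \
        -signkey "$dir/example.key" -out "$dir/example.crt" 2>/dev/null
}

# Succeeds only if the cert's public key is the one derived from the key file.
pair_matches() {   # $1 = cert, $2 = key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if group and others have no access to the key file.
key_is_private() {   # $1 = key
    mode=$(stat -c '%a' "$1") || return 1   # GNU stat, as found on CentOS
    case $mode in *00) return 0 ;; *) return 1 ;; esac
}

# Succeeds if the certificate is still valid $2 days from now.
valid_for_days() {   # $1 = cert, $2 = days
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Run all three checks; meant to gate "nginx -s reload".
check_pair() {   # $1 = cert, $2 = key
    pair_matches "$1" "$2" || { echo "cert and key do not match"; return 1; }
    key_is_private "$2"    || { echo "key readable by group/others"; return 1; }
    valid_for_days "$1" 30 || { echo "cert expires within 30 days"; return 1; }
    echo "ok"
}

# Demo on a freshly generated pair.
demo_dir=$(mktemp -d)
make_pair "$demo_dir" && check_pair "$demo_dir/example.crt" "$demo_dir/example.key"
rm -rf "$demo_dir"
```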
12.20 Configuring SSL in Nginx
vim /usr/local/nginx/conf/vhost/ssl.conf //add the following content
--------------------------------------------------------------------
server
{
    listen 443;
    server_name aming.com;
    index index.html index.php;
    root /data/wwwroot/aming.com;           # site directory
    ssl on;                                 # enable SSL
    ssl_certificate aminglinux.crt;         # certificate (public key)
    ssl_certificate_key aminglinux.key;     # private key
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;    # protocols
}
--------------------------------------------------------------------
/usr/local/nginx/sbin/nginx -t
/usr/local/nginx/sbin/nginx -s reload //if this fails with unknown directive "ssl", nginx must be recompiled with --with-http_ssl_module added
-------------------------------------------------------------------------
./configure --prefix=/usr/local/nginx --with-http_ssl_module
make
make install
/usr/local/nginx/sbin/nginx -V //show the build configuration
/usr/local/nginx/sbin/nginx -t
/etc/init.d/nginx restart //restart the service
-------------------------------------------------------------------------
netstat -lntp //check that port 443 is listening
mkdir /data/wwwroot/aming.com
echo "ssl test page." > /data/wwwroot/aming.com/index.html
Edit hosts and add 127.0.0.1 aming.com
vim /etc/hosts
127.0.0.1 <other domain names> aming.com
curl https://aming.com/
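If the site cannot be reached, check the firewall: #iptables -nvL
#iptables -F flushes the rules, turning the firewall off
Further reading
Proxying based on the request URI http://ask.apelearn.com/question/1049
Distinguishing backend web servers by the accessed directory http://ask.apelearn.com/question/920
nginx keep-alive connections http://www.apelearn.com/bbs/thread-6545-1-1.html
nginx algorithm analysis http://blog.sina.com.cn/s/blog_72995dcc01016msi.html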