LB-nginx/php-mysql/nfs_discuz-https

nginx1/2:228/229    172.16.0.0/24

mysql1/mysql2:226/227    172.16.0.0/24

LB1/LB2 :224/225   192.16.3.0/24

 

 

随便一主机上生成证书/或者下载买一个

--------------------------------------------------------------------证书生成可以忽略--------------------------------------------------------------------

cd /etc/nginx/

mkdir ssl_key -p

cd ssl_key

openssl genrsa -idea -out 2.key 2048

输入两次密码后生成key

openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout 2.key -out 1.crt

输入下面问题会生成crt

Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

 --------------------------------------------------------------------证书生成可以忽略--------------------------------------------------------------------

1.crt和2.key放到/etc/nginx/ssl下（nginx1/2/LB1/2都放）

 

nginx1搭建dz

把ComsenzDiscuz-DiscuzX-master放到/usr/share/nginx/下并解压unzip

把文件夹里面的upload改名放到nginx下

即mv upload ../u

chown -R nginx.nginx u

数据库那边创建两个库

create databases u;

create databases u1;

 

server {
listen 80;
server_name www.le.com;
root /usr/share/nginx/u;
index index.php;
# ssl_certificate ssl/1.crt;
# ssl_certificate_key ssl/2.key;
location ~ \.php$ {
root /usr/share/nginx/u;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location /status {
stub_status;
access_log off;
deny 10.0.0.1;
allow all;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
重新加载nginx开始安装dz，使用u库；

nginx2同样步骤安装但使用u1库；

安装完后进入u文件夹搜索172.16.0.226地址的文件

grep -R 172.16.0.226

[root@nginx1 u]# grep -R 172.16.0.226
config/config_ucenter.php:define('UC_DBHOST', '172.16.0.226');
config/config_global.php:$_config['db']['1']['dbhost'] = '172.16.0.226';
uc_server/data/config.inc.php:define('UC_DBHOST', '172.16.0.226');

nginx2中编辑vim config/config_global.php文件中的数据库把u1改成u即可

nginx上配置开启ssl

LB上均安装nignx（略）

-----------------------------------------nginx部分配置-------------------------------------------

server {
listen 443 ssl;
.....
ssl_certificate ssl/1.crt;
ssl_certificate_key ssl/2.key;

...................

-----------------------------两调度器配置 vim /etc/nginx/conf.d/LB.conf -----------------------------------------------

upstream le {
server 172.16.0.228:443;
server 172.16.0.229:443;
}
rewrite_log on;

server {
listen 80;
server_name www.le.com;
location / {
rewrite .* https://$server_name$1;
rewrite_log on;
error_log /var/log/nginx/1error.log notice;
}
}
server {
listen 443 ssl;
server_name www.le.com;
ssl_certificate ssl/1.crt;
ssl_certificate_key ssl/blog.2.key;
location / {
proxy_pass https://le;
include proxy_params;
access_log /var/log/nginx/ssl.log main;
}
}

-------------------------------------------------------------------------------------------------------------

[root@LB nginx]# cat proxy_params
proxy_set_header Host $http_host;冒号后面不能有空格，否则报错
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;

proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;

---------------------------------------------------------------------------------------------------------------------

重载服务即可