创建https证书

第一个里程碑:创建https证书

创建文件认证目录

mkdir /application/nginx/key/ -p

在认证目录下创建认证文件

  1. openssl req -new -x509 -nodes -out server.crt -keyout server.key
  2.  
  3. Generating a 2048 bit RSA private key
  4. .......+++
  5. ......................................+++
  6. writing new private key to 'server.key'
  7. -----
  8. You are about to be asked to enter information that will be incorporated
  9. into your certificate request.
  10. What you are about to enter is what is called a Distinguished Name or a DN.
  11. There are quite a few fields but you can leave some blank
  12. For some fields there will be a default value,
  13. If you enter '.', the field will be left blank.
  14. -----
  15. Country Name (2 letter code) [XX]:CH
  16. State or Province Name (full name) []:bj
  17. Locality Name (eg, city) [Default City]:bj
  18. Organization Name (eg, company) [Default Company Ltd]: 回车
  19. Organizational Unit Name (eg, section) []: 回车
  20. Common Name (eg, your name or your server's hostname) []: 回车
  21. Email Address []: 回车

编写 nginx配置文件 (在负载均衡上配置)

  1. worker_processes 1;
  2. events {
  3.     worker_connections 1024;
  4. }
  5. http {
  6.     include mime.types;
  7.     default_type application/octet-stream;
  8.     sendfile on;
  9.     keepalive_timeout 65;
  10.     upstream www_pools {
  11.       server 10.0.0.8;
  12.    }
  13.     upstream bbs_pools {
  14.       server 10.0.0.7;
  15.    }
  16.     upstream blog_pools {
  17.       server 10.0.0.9;
  18.     }
  19.     server {
  20.         listen 443 ssl;
  21.         listen 80;
  22.         server_name www.etiantian.org;
  23.         ssl_certificate /application/nginx/key/server.crt;
  24.         ssl_certificate_key /application/nginx/key/server.key;
  25.         ssl_session_cache shared:SSL:1m;
  26.         ssl_session_timeout 5m;
  27.         ssl_ciphers HIGH:!aNULL:!MD5;
  28.         ssl_prefer_server_ciphers on;
  29.         location / {
  30.             proxy_pass http://www_pools;
  31.             proxy_set_header Host $host;
  32.             proxy_set_header X-Forwarded-For $remote_addr;
  33.         }
  34.     }
  35.     server {
  36.         listen 80;
  37.             server_name bbs.etiantian.org;
  38.         location / {
  39.             proxy_pass http://bbs_pools;
  40.             proxy_set_header Host $host;
  41.             proxy_set_header X-Forwarded-For $remote_addr;
  42.         }
  43.     }
  44.         server {
  45.         listen 80;
  46.             server_name c.etiantian.org;
  47.         location / {
  48.             proxy_pass http://bbs_pools;
  49.             proxy_set_header Host $host;
  50.             proxy_set_header X-Forwarded-For $remote_addr;
  51.         }
  52.     }
  53.  
  54.     server {
  55.         listen 80;
  56.             server_name blog.etiantian.org;
  57.         location / {
  58.             proxy_pass http://blog_pools;
  59.             proxy_set_header Host $host;
  60.             proxy_set_header X-Forwarded-For $remote_addr;
  61.         }
  62.     }
  63. }

测试

posted @ 2017-11-10 22:24  jks巴顿  阅读(1979)  评论(0编辑  收藏  举报