12项目全站HTTPS

项目全站HTTPS

1.配置web端博客配置文件

[root@web01 ~]# vim /etc/nginx/conf.d/linux.wp.com.conf 
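# Backend vhost on web01: serves WordPress over plain HTTP and hands *.php
# requests to the PHP-FPM listener on 127.0.0.1:9000.
server {
  listen 80;
  server_name linux.wp.com;

  # Declared at server level so that every location, including the PHP one,
  # resolves files under the same document root.
  root /code/wordpress;

  location / {
      index index.php;
  }

  location ~* \.php$ {
      # Pass only scripts that exist on disk to PHP-FPM. Without this check any
      # URI ending in .php is forwarded, and with PHP path-info fallback enabled
      # a non-PHP file (e.g. an upload) could end up being executed.
      try_files $uri =404;
      fastcgi_pass 127.0.0.1:9000;
      # $document_root follows the root directive above instead of repeating the path.
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      include fastcgi_params;
  }
}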

2.配置负载均衡

[root@lb01 ~]# vim /etc/nginx/conf.d/linux.wp.com.conf 
# Backend pool for the blog. No balancing method is named, so nginx's default
# distribution across the two web nodes applies. The port is written out
# explicitly; 80 is what nginx uses when none is given.
upstream blog {
  server 172.16.1.7:80;
  server 172.16.1.8:80;
}

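# Port-80 vhost on the load balancer: exists only to move clients to HTTPS.
server {
  listen 80;
  server_name linux.wp.com;

  # Permanent (301) redirect that keeps the original path and query string.
  # "return" avoids the regex capture, and the permanent status lets clients
  # remember the HTTPS location instead of retrying plain HTTP each time.
  return 301 https://$server_name$request_uri;
}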

# HTTPS vhost on the load balancer: TLS is terminated here and requests are
# forwarded to the "blog" upstream over plain HTTP.
server {
  listen 443 ssl;
  server_name linux.wp.com;
  # Certificate and private key. The key file should be readable only by the
  # account that starts nginx.
  ssl_certificate /etc/nginx/ssl_key/server.crt;
  ssl_certificate_key /etc/nginx/ssl_key/server.key;
  # NOTE(review): no ssl_protocols / ssl_ciphers are set in this block, so
  # whatever is inherited from the http context or the nginx build defaults
  # applies - confirm that TLS 1.0/1.1 are not enabled there.
  # NOTE(review): once a publicly trusted certificate is in use, consider
  # sending a Strict-Transport-Security header from this vhost.

  location / {
      # The hop to the backends is unencrypted HTTP on the internal network.
      proxy_pass http://blog;
      # proxy_params is not shown on the page; presumably it sets the Host and
      # X-Forwarded-* request headers - verify before relying on them.
      include proxy_params;
  }
}

[root@lb01 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@lb01 ~]# systemctl restart nginx

3.配置hosts访问测试

10.0.0.4 linux.wp.com

#页面格式乱码

4.解决页面格式错乱问题

#问题:负载均衡是以http方式请求web端的,web端把请求交给php时也没有携带任何https标识,所以php(WordPress)认为这是一次http请求,生成的css、js等资源链接都以http://开头;而浏览器是通过https访问页面的,这些http资源会被当作混合内容拦截,页面样式因此错乱。我们需要通过fastcgi参数告诉php:原始请求是https

[root@web01 ~]# vim /etc/nginx/conf.d/linux.wp.com.conf
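# Backend vhost on web01 after the fix: same as before, but PHP is told that
# the client-facing request was HTTPS so WordPress emits https:// links.
server {
  listen 80;
  server_name linux.wp.com;

  # Declared at server level so that every location, including the PHP one,
  # resolves files under the same document root.
  root /code/wordpress;

  location / {
      index index.php;
  }

  location ~* \.php$ {
      # Pass only scripts that exist on disk to PHP-FPM. Without this check any
      # URI ending in .php is forwarded, and with PHP path-info fallback enabled
      # a non-PHP file (e.g. an upload) could end up being executed.
      try_files $uri =404;
      fastcgi_pass 127.0.0.1:9000;
      # $document_root follows the root directive above instead of repeating the path.
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      # Tell PHP the request is HTTPS (TLS is terminated on the load balancer).
      # NOTE(review): this marks every request that reaches this vhost as
      # HTTPS, including one that arrives on port 80 without passing through
      # the load balancer. Restrict port 80 on the web nodes to the load
      # balancer's address (firewall rule or allow/deny) so the flag stays true.
      fastcgi_param HTTPS on;
      include fastcgi_params;
  }
}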

[root@web01 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 ~]# systemctl restart nginx

5.再次访问测试

6.ssl证书优化参数

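# TLS vhost with session-resumption and protocol/cipher tuning.
server {
  # The "ssl" parameter on listen replaces the deprecated "ssl on;" directive.
  listen 443 ssl default_server;
  server_name blog.driverzeng.com driverzeng.com;
  root /var/www/wordpress;
  index index.php index.html index.htm;
  ssl_certificate   ssl/215089466160853.pem;
  ssl_certificate_key ssl/215089466160853.key;

  # Session cache shared between worker processes: a client that reconnects
  # within ssl_session_timeout can resume its earlier session instead of
  # performing a full handshake again.
  ssl_session_cache shared:SSL:10m;
  # How long a cached session stays resumable (1440 minutes = 24 hours).
  ssl_session_timeout 1440m;
  # Cipher suites for TLS 1.2: forward-secret ECDHE key exchange with AEAD
  # ciphers only. The earlier broad aliases (ECDH, AES, HIGH) also admitted
  # CBC-mode and static-RSA key-exchange suites.
  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
  # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered.
  # TLSv1.3 requires nginx built against OpenSSL 1.1.1 or newer; drop it from
  # the list if the installed build is older.
  ssl_protocols TLSv1.2 TLSv1.3;
  # The server's cipher order, not the client's, decides which suite is used.
  ssl_prefer_server_ciphers on;

  # (the page shows no location blocks for this vhost)
}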