搜索 收起

汇总all

编辑

临时总结

您的位置 首页 nginx

Nginx集群实现HTTPS实践 (lb01上做https)

白眉大叔 白眉大叔 发布于 2023年4月12日 评论关闭 阅读(739)

实战Nginx负载均衡+Nginx WEB配置HTTPS安全

真实业务场景实现HTTPS实践

配置知乎、博客对应的负载均衡lb01服务器的配置

lb01上配置:

server {
listen 80;
server_name zh.baimei.com;
location / {
return 302 https://$server_name$1;
}
}

server {
listen 443 ssl;
server_name wordpress.baimei.com;

ssl_certificate ssl_key/server.crt;
ssl_certificate_key ssl_key/server.key;
location / {
proxy_pass http://blog;
include proxy_params;
}
}

server {
listen 443 ssl ;
server_name zh.baimei.com;

ssl_certificate ssl_key/server.crt;
ssl_certificate_key ssl_key/server.key;
location / {
proxy_pass http://blog;
include proxy_params;
}
}

 

 

重启以下 

[root@lb01 /etc/nginx/conf.d]#systemctl restart nginx

 

 

解决方案: fastcgi_param HTTPS on;

 

 

wordpress早期安装如果是使用的http方式,那开启https后会导致图片出现破损或加载不全的情况

**建议:
1、在安装WordPress之前就配置好https;
2、在WordPress后台管理页面,设置–>常规–>修改(WordPress地址及站点地址)为 https://
3、注意:WordPress很多链接在安装时被写入数据库中。**

 

修正乱码效果,配置知乎、博客对应的web服务器的配置

 

#负载访问使用的https后端web使用的是http,对于PHP来说他并不知道用的到底是什么所以会出现错误;

#修正该问题配置

server {
        listen 80;
        server_name zh.lzy.com;
        root /code/zh;
        index index.php index.html;

        location ~ \.php$ {
                root /code/zh;
                fastcgi_pass   127.0.0.1:9000;
                fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                #告诉PHP我前置的负载使用的是https协议
                fastcgi_param HTTPS on;
                include        fastcgi_params;
        }
}

 

[root@web02 conf.d]# cat wordpress.conf 
server {
        listen 80;
        server_name blog.lzy.com;
        root /code/wordpress;
        index index.php index.html;
        client_max_body_size 100m;

        location ~ \.php$ {
                root /code/wordpress;
                fastcgi_pass   127.0.0.1:9000;
                fastcgi_index  index.php;
                fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param HTTPS on;
                include fastcgi_params;
        }
}

 

 nginx -s reload
解决phpmyadmin的问题 

[root@lb01 conf.d]# cat proxy_php.conf
upstream php {
        server 172.16.1.7:80;
        server 172.16.1.8:80;
}

server {
        listen 80;
        server_name php.haoda.com;
        return 302 https://$server_name$request_uri;
}

server {
        listen 443;
        ssl on;
        ssl_certificate   ssl_key/server.crt;
        ssl_certificate_key  ssl_key/server.key;
        server_name php.haoda.com;
        location / {
            proxy_pass http://php;
            include proxy_params;
        }
}

 

[root@web01 conf.d]# cat php.conf 
server {
        listen 80;
        server_name php.haoda.com;
        root /code/phpMyAdmin-4.9.0.1-all-languages;

        location / {
                index index.php index.html;
        }

        location ~ \.php$ {
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param HTTPS on;
                include fastcgi_params;
        }
}

 

欢迎来撩 : 汇总all

标签:
点赞(191)
白眉大叔

关于白眉大叔linux云计算: 白眉大叔

相关文章

热门文章

1解决node: /lib64/libstdc++.so.6: version `GLIBCXX_3.4.20′ not found (required by node)

点赞(84) 阅读(1,305)

2docker 使用gpu资源

点赞(214) 阅读(1,295)

3k8s 安装Milvus分布式2.0x

点赞(289) 阅读(1,286)

4pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available

点赞(364) 阅读(1,281)

5云原生基础-汇总

点赞(316) 阅读(1,278)