ansible 安装 ssl 实现https访问

ansible 安装 ssl 实现https访问

1- 在负载均衡上配置 ssl（TLS 在负载均衡上终止，之后以 HTTP 转发到 web 节点）

2- 在 web 节点的配置文件中开启 fastcgi_param HTTPS on;（让 PHP 知道原始请求是 HTTPS）

[root@m01 /etc/ansible/roles/ssl/tasks]#cat main.yml 
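# Push the TLS-terminating load-balancer vhosts and the certificate/key
# directory to the load balancers, then restart nginx through the handler.
- name:  copy ssl_lb_proxy.conf
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    # Only the ssl_key item carries modes; the vhost files are created as before.
    mode: "{{ item.mode | default(omit) }}"
    directory_mode: "{{ item.directory_mode | default(omit) }}"
  with_items:
    - {src: 'wp_ssl_lb_proxy.conf', dest: '/etc/nginx/conf.d/lb_proxy.conf'}
    - {src: 'admin_ssl_lb_proxy.conf', dest: '/etc/nginx/conf.d/admin_lb_proxy.conf'}
    # The vhosts reference ssl_key/server.key, so this directory holds the TLS
    # private key: restrict it to its owner instead of relying on the umask.
    # Assumes the play runs as root, which is also how the nginx master process
    # reads the key -- TODO confirm.
    # NOTE(review): the key sits unencrypted in the role's files/ directory;
    # consider storing it vault-encrypted so it is not readable from the repo.
    - {src: 'ssl_key', dest: '/etc/nginx/', mode: '0600', directory_mode: '0700'}
  # "match" is a regex test anchored at the start of the string. The original
  # pattern "lb*" means "l followed by zero or more b" and therefore matched
  # every hostname beginning with "l", not only the lb* hosts.
  when: ansible_hostname is match "lb"
  notify: Restart Nginx Server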
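# Push the backend vhosts (the ones that set "fastcgi_param HTTPS on") to the
# web nodes and restart nginx there.
- name: copy wordpress.conf
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - {src: 'a_wordpress.conf', dest: '/etc/nginx/conf.d/a_wordpress.conf'}
    - {src: 'admin.conf', dest: '/etc/nginx/conf.d/admin.conf'}
  # "match" is a regex test anchored at the start of the string. The original
  # pattern "web*" means "we followed by zero or more b", so it also matched
  # hostnames such as "we..." that are not web nodes.
  when: ansible_hostname is match "web"
  # A notify must equal the handler name exactly. The original read
  # "Restart Nginx Serve", which differs from the "Restart Nginx Server" used by
  # the load-balancer task in this file and would not resolve to that handler.
  # Presumably the same handler is intended -- confirm against the role's
  # handlers file.
  notify: Restart Nginx Server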

 

 

[root@m01 /etc/ansible/roles/ssl/files]#cat admin.conf 
# Backend vhost for admin.baimei.com on the web nodes. It listens on plain
# HTTP; TLS is terminated on the load balancer in front of it.
server {
    server_name admin.baimei.com;
    listen 80;

    # One document root for the whole vhost; both locations inherit it.
    root /code/admin;

    location / {
        index index.php index.html;
    }

    # Hand PHP requests to the local FastCGI listener.
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;

        # HTTPS is asserted unconditionally even though this listener is plain
        # HTTP. That is only accurate while every request arrives through the
        # TLS-terminating load balancer. Limit port 80 to the load balancer
        # addresses (firewall or allow/deny) so that a direct plain-HTTP client
        # is not reported to the application as a secure connection.
        fastcgi_param HTTPS on;
    }
}

 

[root@m01 /etc/ansible/roles/ssl/files]#cat admin_ssl_lb_proxy.conf 
# Backend pool for the admin site. No balancing method is configured, so
# nginx's default round-robin applies. Both members are addressed on port 80:
# the hop from the load balancer to the web nodes is unencrypted HTTP and
# should stay on a trusted internal network.
upstream blog1 {
    server 172.16.1.7:80;
    server 172.16.1.8:80;
}

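# Plain-HTTP listener for admin.baimei.com: redirect every request to HTTPS.
server {
    listen 80;
    server_name admin.baimei.com;

    location / {
        # $1 is a regex capture and is empty inside a prefix location, so the
        # original redirect target lost the path and query string and every
        # request landed on the site root. $request_uri carries the original
        # path and arguments over to the HTTPS URL.
        return 302 https://$server_name$request_uri;
    }
}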

# TLS-terminating listener for admin.baimei.com. Decrypted requests are
# forwarded to the blog1 upstream over plain HTTP.
server {
    server_name admin.baimei.com;
    listen 443 ssl;

    # Relative paths are resolved against the nginx configuration directory,
    # which is where the role copies ssl_key/ (under /etc/nginx/).
    ssl_certificate_key ssl_key/server.key;
    ssl_certificate     ssl_key/server.crt;

    # NOTE(review): no ssl_protocols or ssl_ciphers are set here, so the
    # defaults of the installed nginx/OpenSSL build apply -- confirm they
    # exclude legacy protocol versions.

    location / {
        # proxy_params is not shown on this page; presumably it sets the
        # forwarded Host/client headers -- verify its contents.
        include proxy_params;
        proxy_pass http://blog1;
    }
}

 

[root@m01 /etc/ansible/roles/ssl/files]#cat a_wordpress.conf 
# Backend vhost for wordpress.baimei.com on the web nodes. It listens on plain
# HTTP; TLS is terminated on the load balancer in front of it.
server {
    server_name wordpress.baimei.com;
    listen 80;

    index index.php index.html;
    root /code/wordpress;

    # Hand PHP requests to the local FastCGI listener. The document root is
    # inherited from the server level (same path as before).
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;

        # HTTPS is asserted unconditionally even though this listener is plain
        # HTTP. That is only accurate while every request arrives through the
        # TLS-terminating load balancer. Limit port 80 to the load balancer
        # addresses (firewall or allow/deny) so that a direct plain-HTTP client
        # is not reported to the application as a secure connection.
        fastcgi_param HTTPS on;
    }
}

 

[root@m01 /etc/ansible/roles/ssl/files]#cat wp_ssl_lb_proxy.conf 
# Backend pool for the WordPress site. No balancing method is configured, so
# nginx's default round-robin applies. Both members are addressed on port 80:
# the hop from the load balancer to the web nodes is unencrypted HTTP and
# should stay on a trusted internal network.
upstream blog {
    server 172.16.1.7:80;
    server 172.16.1.8:80;
}

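# Plain-HTTP listener for wordpress.baimei.com: redirect every request to HTTPS.
server {
    listen 80;
    server_name wordpress.baimei.com;

    location / {
        # $1 is a regex capture and is empty inside a prefix location, so the
        # original redirect target lost the path and query string and every
        # request landed on the site root. $request_uri carries the original
        # path and arguments over to the HTTPS URL.
        return 302 https://$server_name$request_uri;
    }
}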

# TLS-terminating listener for wordpress.baimei.com. Decrypted requests are
# forwarded to the blog upstream over plain HTTP.
server {
    server_name wordpress.baimei.com;
    listen 443 ssl;

    # Relative paths are resolved against the nginx configuration directory,
    # which is where the role copies ssl_key/ (under /etc/nginx/).
    ssl_certificate_key ssl_key/server.key;
    ssl_certificate     ssl_key/server.crt;

    # NOTE(review): no ssl_protocols or ssl_ciphers are set here, so the
    # defaults of the installed nginx/OpenSSL build apply -- confirm they
    # exclude legacy protocol versions.

    location / {
        # proxy_params is not shown on this page; presumably it sets the
        # forwarded Host/client headers -- verify its contents.
        include proxy_params;
        proxy_pass http://blog;
    }
}



# Plain-HTTP vhost for zh.baimei.com, proxied to the same "blog" pool.
# NOTE(review): unlike the other two names, this one has neither a 443
# listener nor a redirect to HTTPS, so clients reach it unencrypted. The
# backend vhosts shown on this page set "fastcgi_param HTTPS on"
# unconditionally, so the application would be told the connection is secure
# when it is not. Confirm whether this vhost is intentional; if it is kept,
# give it the same redirect + TLS listener pair as the other sites.
server {
    server_name zh.baimei.com;
    listen 80;

    location / {
        include proxy_params;
        proxy_pass http://blog;
    }
}

 
