51工具盒子

依楼听风雨
笑看云卷云舒,淡观潮起潮落

Nginx集群实现HTTPS实践 (lb01上做https)

实战Nginx负载均衡+Nginx WEB配置HTTPS安全

真实业务场景实现HTTPS实践 {#p-4}

配置知乎、博客对应的负载均衡lb01服务器的配置

lb01上配置:

server {
listen 80;
server_name zh.baimei.com;
location / {
return 302 https://$server_name$1;
}
}

server {
listen 443 ssl;
server_name wordpress.baimei.com;

ssl_certificate ssl_key/server.crt;
ssl_certificate_key ssl_key/server.key;
location / {
proxy_pass http://blog;
include proxy_params;
}
}

server {
listen 443 ssl ;
server_name zh.baimei.com;

ssl_certificate ssl_key/server.crt;
ssl_certificate_key ssl_key/server.key;
location / {
proxy_pass http://blog;
include proxy_params;
}
}

重启以下

[root@lb01 /etc/nginx/conf.d]#systemctl restart nginx

解决方案: fastcgi_param HTTPS on;


wordpress早期安装如果是使用的http方式,那开启https后会导致图片出现破损或加载不全的情况

**建议:
1、在安装WordPress之前就配置好https;
2、在WordPress后台管理页面,设置-->常规-->修改(WordPress地址及站点地址)为 https://
3、注意:WordPress很多链接在安装时被写入数据库中。**

|----------------------------| | 修正乱码效果,配置知乎、博客对应的web服务器的配置 |

#负载访问使用的https后端web使用的是http,对于PHP来说他并不知道用的到底是什么所以会出现错误;

#修正该问题配置

server {
        listen 80;
        server_name zh.lzy.com;
        root /code/zh;
        index index.php index.html;

        location ~ \.php$ {
                root /code/zh;
                fastcgi_pass   127.0.0.1:9000;
                fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                #告诉PHP我前置的负载使用的是https协议
                fastcgi_param HTTPS on;
                include        fastcgi_params;
        }
}
[root@web02 conf.d]# cat wordpress.conf 
server {
        listen 80;
        server_name blog.lzy.com;
        root /code/wordpress;
        index index.php index.html;
        client_max_body_size 100m;

        location ~ \.php$ {
                root /code/wordpress;
                fastcgi_pass   127.0.0.1:9000;
                fastcgi_index  index.php;
                fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param HTTPS on;
                include fastcgi_params;
        }
}
 nginx -s reload

|-----------------| | 解决phpmyadmin的问题 |

[root@lb01 conf.d]# cat proxy_php.conf
upstream php {
        server 172.16.1.7:80;
        server 172.16.1.8:80;
}

server { listen 80; server_name php.haoda.com; return 302 https://$server_name$request_uri; }

server { listen 443; ssl on; ssl_certificate ssl_key/server.crt; ssl_certificate_key ssl_key/server.key; server_name php.haoda.com; location / { proxy_pass http://php; include proxy_params; } }

[root@web01 conf.d]# cat php.conf 
server {
        listen 80;
        server_name php.haoda.com;
        root /code/phpMyAdmin-4.9.0.1-all-languages;
    location / {
            index index.php index.html;
    }

    location ~ \.php$ {
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param HTTPS on;
            include fastcgi_params;
    }

}

赞(7)
未经允许不得转载:工具盒子 » Nginx集群实现HTTPS实践 (lb01上做https)