12.17 Nginx Load Balancer
Proxy Server Proxy Multiple web is balanced, dig command can view the domain name corresponding IP address, install dig command for #yum install-y bind-utils
For example #dig qq.com
vim/usr/local/nginx/conf/vhost/load.conf//write the following:
-------------------------------------------------------------------------
Upstream QQ
{
Ip_hash; Same user, stay on the same IP;
Server 61.135.157.156:80;
Server 125.39.240.113:80;
}
Server
{
Listen 80;
server_name www.qq.com;
Location/
{
Proxy_pass http://qq;
Proxy_ser_header Hsot $host;
Proxy_ser_header X-real-ip $remote _addr;
Proxy_ser_header x-forward-for $proxy _add_x_forwarded_for;
}
}
-------------------------------------------------------------------------
curl-x127.0.0.1:80 www.qq.com//normal access to the default Web page;
/usr/local/nginx/sbin/nginx-t
/usr/local/nginx/sbin/nginx-s Reload
curl-x127.0.0.1:80 www.qq.com
Nginx does not support proxy HTTPS Web site
12.18 SSL Principle
12.19 generating an SSL key pair
Cd/usr/local/nginx/conf
OpenSSL genrsa-des3-out tmp.key 2048//key file is the private key
OpenSSL rsa-in tmp.key-out aminglinux.key//Convert key, cancel password
Rm-f Tmp.key
OpenSSL req-new-key aming.key-out AMINGLINUX.CSR//Generate certificate request file, need to take this and private key to produce public key file
OpenSSL x509-req-days 365-in aminglinux.csr-singkey aminglinux.key-out aminglinux.crt//The AMINGLIUX.CRT here is the public key
12.20 Nginx Configuration SSL
vim/usr/local/nginx/conf/vhost/ssl.conf//Add the following:
--------------------------------------------------------------------
Server
{
Listen 443;
server_name aming.com;
Index index.html index.php;
root/data/wwwroot/aming.com; Directory
SSL on; Open
Ssl_certificate AMINGLINUX.CRT; Private
Ssl_certificate_key Aminglinux.key; Public
Ssl_protocols TLSv1 TLSv1.1 TLSv1.2; Agreement
}
--------------------------------------------------------------------
/usr/local/nginx/sbin/nginx-t
/usr/local/nginx/sbin/nginx-s Reload//If error unknown directive "SSL", need to recompile nginx, plus--with-http_ssl_module
-------------------------------------------------------------------------
./configure--prefix-/usr/local/nginx--with-http_ssl_module
Make
Make install
/USR/LOCAL/NGINX/SBIN/NGINX-V//View configuration information
/usr/local/nginx/sbin/nginx-t
/etc/init.d/nginx Restart//Restart service
-------------------------------------------------------------------------
NETSTAT-LNTP//view listening port 443
Mkdir/data/wwwroot/aming.com
echo "SSL test page." >/data/wwwroot/aming.com/index.html
Edit hosts, add 127.0.0.1 aming.com
Vim/etc/hosts
127.0.0.1 Other domain name aming.com
Curl https://aming.com/
If you can't access it, view the firewall, #iptables-NVL
#iptables-F Firewall off
Extended
proxy http://ask.apelearn.com/question/1049 for the requested URI
differentiate back-end Web http://ask.apelearn.com/question/920 based on directories accessed
Nginx Long Connection http://www.apelearn.com/bbs/thread-6545-1-1.html
nginx Algorithm Analysis http://blog.sina.com.cn/s/blog_72995dcc01016msi.html
Linux study notes 12 weeks Five lessons (April 27)