Experiment: building an HTTPS site with Nginx

Source: Internet
Author: User


Simple LNMP transport topology diagram

Nginx1 mainly provides web services to the external network. Because it is the externally facing server, a few things have to be considered. Network bandwidth is limited, so transfers to the external network are compressed. We also want the data to be secure, so HTTPS encrypted transport is needed here as well. Most importantly, the server must be able to forward the client's requests to the back end.

Nginx2 provides dynamic and static data to the front-end Nginx1. There is a serious problem here: this host does not process dynamic data itself, it only forwards the dynamic data on to php-mysql, so the proxy server Nginx1 could just as well forward those requests to PHP-FPM directly.

MySQL provides the database service; PHP-FPM handles PHP dynamic data processing.


Improved LNMP transfer topology diagram

This improvement introduces a problem of its own: the processing load on the front-end proxy server Nginx1 increases, because regular-expression matching in the configuration performs worse than plain forwarding. However, the site receives a limited number of requests, so this layout is used for the moment.


# Contents


Network relationships

Configuration of MySQL and PHP-FPM

Configuration of Nginx1

Configuration of Nginx2

Summary



# Network Relationships


My experimental environment is a Windows host running VMware; the virtual machines run CentOS 7.

Nginx1 has two network cards, one bridged at 172.16.29.2 and the other in host-only mode at 192.168.95.129, with nginx-1.10.2 installed.

Nginx2 has one host-only NIC at 192.168.95.132, with nginx-1.10.2 installed.

PHP-FPM has one host-only NIC at 192.168.95.131, with php-fpm and php-mysql installed.

MySQL has one host-only NIC at 192.168.95.130, with mariadb-server installed.


# MySQL and PHP-FPM configuration


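### PHP-FPM configuration

PHP-FPM depends on a front-end web server such as httpd or nginx.

```bash
yum install php-fpm php-mysql -y
vim /etc/php-fpm.d/www.conf
```

```ini
; listen on all of this host's network interfaces
listen = 0.0.0.0:9000
; allow only this IP to connect: Nginx1's host-only address,
; because Nginx1 is the host that issues the fastcgi_pass requests
listen.allowed_clients = 192.168.95.129
; enable the status page
pm.status_path = /status
```

```bash
mkdir -pv /var/www/html/phpwind    # provide the phpwind files
cd
# unpack into the tree that SCRIPT_FILENAME on Nginx1 points at
unzip phpwind_utf8_8.7.1.zip -d /var/www/html/phpwind/
chown nginx:nginx /var/www/html/phpwind/
chown -R nginx:nginx /var/www/html/phpwind/
```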



### MySQL configuration

```bash
yum install mariadb-server -y
systemctl start mariadb    # the server must be running before the grant below
mysql <<eof
grant all on pwdb.* to 'pwuser'@'192.168.95.131' identified by 'pwpasswd';
eof
```


# Configuration of Nginx1

```bash
cd
wget http://nginx.org/packages/centos/7/x86_64/RPMS/nginx-1.10.2-1.el7.ngx.x86_64.rpm
yum install ./nginx-1.10.2-1.el7.ngx.x86_64.rpm -y
cd /etc/nginx/conf.d
mv default.conf{,.bak}
vim www1.conf
```

```nginx
server {
    # force HTTPS
    listen 80;
    server_name www1.oldking.org;
    rewrite ^ https://$server_name$request_uri? permanent;
}

server {
    listen 443;
    server_name www1.oldking.org;
    ssl on;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;

    location ~* \.php$ {
        # send PHP requests to the PHP-FPM host
        fastcgi_pass 192.168.95.131:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /var/www/html/phpwind/upload$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_param HTTPS on;
    }

    location ~* ^/(status|ping)$ {
        # send PHP status requests to the PHP-FPM host
        include fastcgi_params;
        fastcgi_pass 192.168.95.131:9000;
        fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
    }

    location / {
        # data that is neither static nor PHP is served by Nginx1
        root /nginx/html/phpwind/upload;
        index index.php;
    }

    location ~* \.(jpg|png|gif|js|css)$ {
        # static data is directed to Nginx2
        proxy_pass http://192.168.95.132;
    }
}
```

```bash
vim ../nginx.conf    # add the following inside the http block to enable compressed transfer
```

```nginx
gzip on;
gzip_comp_level 3;
gzip_min_length 4;
gzip_types text/xml text/css application/javascript;
```

```bash
mkdir -pv /nginx/html/phpwind    # provide the phpwind files
cd
unzip phpwind_utf8_8.7.1.zip -d /nginx/html/phpwind/
chown nginx:nginx /nginx/html/phpwind/
chown -R nginx:nginx /nginx/html/phpwind/
```
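How nginx picks among the four `location` blocks of the HTTPS server in www1.conf, as an added example that is not part of the original post: a small Python model of the selection order (exact match, longest prefix, then regexes in file order), assuming the request path is already normalized. The handler labels and the sample URIs are constructed for illustration.

```python
import re

# Handler labels are names chosen for this example.
PHP_FPM = "fastcgi_pass 192.168.95.131:9000 (PHP)"
STATUS = "fastcgi_pass 192.168.95.131:9000 (status/ping)"
LOCAL = "files under /nginx/html/phpwind/upload on Nginx1"
NGINX2 = "proxy_pass http://192.168.95.132"

# The four location blocks of the 443 server, in file order.
LOCATIONS = [
    ("~*", r"\.php$", PHP_FPM),
    ("~*", r"^/(status|ping)$", STATUS),
    ("", "/", LOCAL),
    ("~*", r"\.(jpg|png|gif|js|css)$", NGINX2),
]

def route(request_uri, locations=LOCATIONS):
    """Return the handler nginx selects for request_uri."""
    # Matching uses the path only; the query string is ignored.
    path = request_uri.split("?", 1)[0]
    # 1. An exact (=) location wins immediately.
    for mod, pat, handler in locations:
        if mod == "=" and path == pat:
            return handler
    # 2. Remember the longest matching prefix location.
    best = None
    for mod, pat, handler in locations:
        if mod in ("", "^~") and path.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat, handler)
    # A ^~ prefix stops the search before any regex is tried.
    if best and best[0] == "^~":
        return best[2]
    # 3. Regex locations are tried in file order; the first match wins.
    for mod, pat, handler in locations:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, path, flags):
                return handler
    # 4. No regex matched: fall back to the remembered prefix.
    return best[2] if best else None

if __name__ == "__main__":
    # Constructed sample requests, not taken from the original post.
    for uri in ["/", "/index.php?m=bbs", "/res/logo.PNG", "/status", "/read.html"]:
        print(f"{uri:20} -> {route(uri)}")
```

Because the `^/(status|ping)$` block carries no `allow`/`deny` rules, `/status` and `/ping` resolve to PHP-FPM for any client that can reach Nginx1; restricting that location to management addresses is worth considering.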


# Configuration of Nginx2

```bash
cd    # install Nginx and provide the configuration file
wget http://nginx.org/packages/centos/7/x86_64/RPMS/nginx-1.10.2-1.el7.ngx.x86_64.rpm
yum install ./nginx-1.10.2-1.el7.ngx.x86_64.rpm -y
cd /etc/nginx/conf.d
mv default.conf{,.bak}
vim www1.conf
```

```nginx
server {
    listen 80;
    location / {
        # same tree the phpwind archive is unpacked into below
        root /nginx/html/phpwind/upload;
        index index.php;
    }
}
```

```bash
mkdir -pv /nginx/html/phpwind    # provide the phpwind files
cd
unzip phpwind_utf8_8.7.1.zip -d /nginx/html/phpwind/
chown nginx:nginx /nginx/html/phpwind/
chown -R nginx:nginx /nginx/html/phpwind/
```


# Summary


Site-wide HTTPS needs support from the application code. The server that provides the static data has to be selected with a `~*` match; data matched with `/` is fetched directly from the Nginx2 host and returned unprocessed to the Nginx1 server, which then returns it to the client.


This article is from "Lao Wang Linux Journey" blog, please be sure to keep this source http://oldking.blog.51cto.com/10402759/1892002
