web端拷贝证书与密钥
scp -rp -P52113 /application/nginx/conf/key 10.0.0.5:/application/nginx/conf/
在nginx负载均衡服务端配置
vim /application/nginx/conf/nginx.conf
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
worker_processes 2;
error_log logs/error.log;
events {
worker_connections 65535;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream server_pools {
server 10.0.0.200:443 weight=1 max_fails=3 fail_timeout=10;
#server 10.0.0.8:443 weight=1 max_fails=3 fail_timeout=10;
#server 10.0.0.9:443 weight=1 max_fails=3 fail_timeout=10;
}
server {
listen 80;
server_name localhost;
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen 10.0.0.5:443;
server_name www.abc.com;
#开启 https 注意要添加在server区块 不能在http区块中放置
ssl on;
ssl_certificate /application/nginx/conf/key/server.crt;
ssl_certificate_key /application/nginx/conf/key/server.key;
location / {
proxy_pass https://server_pools;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
}
|
#检查nginx负载均衡配置
/application/nginx/sbin/nginx -t
#重启nginx负载均衡
/application/nginx/sbin/nginx -s stop
/application/nginx/sbin/nginx
浏览器访问测试
注意修改hosts对应的是负载均衡的IP地址信息
访问测试
访问结果
原文链接:http://blog.51cto.com/13673885/2179036