负载均衡nginx配置ssl证书
未开启SSL证书
upstreamtornadoes{
server127.0.0.1:8000;
server127.0.0.1:8001;
server127.0.0.1:8002;
}
proxy_next_upstreamerror;
server{
listen80;#一般是80
#sslon;
server_name wosign.com www.wosign.com;
#ssl_certificate/etc/nginx/ssl/wosign.com.crt;
#私钥文件名称
#ssl_certificate_key/etc/nginx/ssl/wosign.com.key;
location/{
proxy_pass_headerServer;
proxy_set_headerHost$http_host;
proxy_redirectoff;
proxy_set_headerX-Real-IP$remote_addr;
proxy_set_headerX-Scheme$scheme;
#把请求方向代理传给tornado服务器,负载均衡
proxy_passhttp://tornadoes;
}
}
开启SSL证书
upstreamtornadoes{
server127.0.0.1:8000;
server127.0.0.1:8001;
server127.0.0.1:8002;
}
proxy_next_upstreamerror;
server{
#监听443端口
listen443;
#对应的域名,把wosign.com改成你们自己的域名就可以了
server_name wosign.com;
sslon;
#从wosign获取到的第一个文件的全路径
ssl_certificate/etc/nginx/ssl/1_www.wosign.com_bundle.crt;
#从wosign获取到的第二个文件的全路径
ssl_certificate_key/etc/nginx/ssl/2_www.wosign.com.key;
ssl_session_timeout5m;
ssl_protocolsTLSv1TLSv1.1TLSv1.2;
ssl_ciphersECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_cipherson;
#这是我的主页访问地址,因为使用的是静态的html网页,所以直接使用location就可以完成了。
location/{
proxy_pass_headerServer;
proxy_set_headerHost$http_host;
proxy_redirectoff;
proxy_set_headerX-Real-IP$remote_addr;
proxy_set_headerX-Scheme$scheme;
#把请求方向代理传给tornado服务器,负载均衡
proxy_passhttp://tornadoes;
}
}
server{
listen80;
server_name wosign.com;
rewrite^/(.*)$https://wosign.com:443/$1permanent;
}
- 点赞
- 收藏
- 关注作者
评论(0)