nginx配置

Nginx配置说明
1.	Nginx安装
安装nginx依赖，如果已安装就不要安装：
yum -y install gcc-c++
yum -y install pcre pcre-devel
yum -y install zlib zlib-devel
yum -y install openssl openssl-devel
解压：tar -zxvf nginx-1.11.8.tar.gz
cd nginx-1.11.8

./configure --prefix=/usr/local/nginx --user=root --with-http_stub_status_module --with-http_ssl_module
其中—user这里用的root,安装时按情况填写用户权限

编译安装：
make
make install

2.	配置https
生成证书与秘钥
cd /usr/local/nginx/conf
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
把生成的server.crt和server.key放到nginx的conf目录下
在https的server配置里修改：
# HTTPS server

    server {
        listen       443;
        server_name  192.168.1.98;     #根据实际情况填写服务器地址或域名
        
        ssl    on;
        ssl_certificate      server.crt;
        ssl_certificate_key  server.key;
        
        ssl_session_timeout  5m;
        ssl_protocols  SSLv2 SSLv3 TLSv1;
        
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;
        
        location / {
            root   html;
            index  index.html；
        }
}

实现http重定向到https
#http server
server {
        listen       80;
        server_name  192.168.1.98;
        rewrite ^(.*)$  https://192.168.1.98 permanent;

            ……

3.	配置负载均衡

    # HTTPS server

    server {
        listen       443;
        server_name  192.168.1.98;

        ssl    on;
        ssl_certificate      server.crt;
        ssl_certificate_key  server.key;

        ssl_session_timeout  5m;
        ssl_protocols  SSLv2 SSLv3 TLSv1;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            root   html;
            index  index.html;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass https://backend/migu_aofs/;
        }
    }

   重定向到192.168.1.98:9443, 192.168.1.98:10443
   upstream backend  {
        # ip_hash;
        server 192.168.1.98:9443;    
        server 192.168.1.98:10443;
}

以上配置根据实际情况可做相应调整。