我的系统是OpenEuler。
- 安装nginx
bash
# Install nginx from the configured package repositories.
# -y answers "yes" to every prompt, so the transaction runs unattended.
yum -y install nginx
- 启动&开机启动
bash
# Register nginx to start at boot and start it immediately.
# --now combines "enable" with "start" in a single call.
systemctl enable --now nginx
- 自定义conf配置文件
bash
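# Write the load-balancer virtual-host configuration for nginx.
#
# The heredoc delimiter is quoted ('EOF') so the shell leaves the nginx
# variables ($host, $request_uri, $remote_addr, $scheme, ...) untouched. With an
# unquoted delimiter the shell expands them to empty strings and the file ends
# up with lines such as "proxy_set_header Host ;", which `nginx -t` rejects.
#
# '>' is used instead of '>>' so that re-running this step replaces the file
# rather than appending a second copy (a duplicate "upstream backend" block is
# a configuration error).
#
# NOTE(review): proxy_pass talks https to the backends, but nginx does not
# verify the upstream certificate unless proxy_ssl_verify and
# proxy_ssl_trusted_certificate are configured. As written, the hop to
# 192.168.1.150 / 192.168.1.153 is encrypted but not authenticated.
# NOTE(review): X-Forwarded-For is built with $proxy_add_x_forwarded_for, which
# keeps whatever value the client sent and appends the real address; backends
# should rely on X-Real-IP or on the last X-Forwarded-For entry only.
cat <<'EOF' > /etc/nginx/conf.d/load_balancer.conf
upstream backend {
ip_hash; # 防止验证码验证失败
server 192.168.1.150:443;
server 192.168.1.153:443;
}
server {
listen 80;
# 使用 IP 地址作为 server_name
server_name 192.168.1.155;
# 将 HTTP 请求重定向到 HTTPS
return 301 https://$host$request_uri;
# 日志配置
access_log /var/log/nginx/192.168.1.155_http_access.log;
error_log /var/log/nginx/192.168.1.155_http_error.log;
}
server {
listen 443 ssl;
# 使用 IP 地址作为 server_name
server_name 192.168.1.155;
# SSL 证书配置,使用自签名证书
ssl_certificate /opt/crt/server.crt;
ssl_certificate_key /opt/crt/server.key;
# SSL 优化配置
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
# 日志配置
access_log /var/log/nginx/192.168.1.155_https_access.log;
error_log /var/log/nginx/192.168.1.155_https_error.log;
# 错误处理配置
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /404.html {
root /usr/share/nginx/html;
}
location = /50x.html {
root /usr/share/nginx/html;
}
location / {
proxy_pass https://backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 处理 HTTPS 相关配置
proxy_ssl_server_name on;
}
}
EOF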
- 检查配置文件的语法是否正确
bash
# Parse the nginx configuration and report syntax errors without applying it.
# The config on this page references /opt/crt/server.crt and
# /opt/crt/server.key, so this check is expected to fail until those files exist.
nginx -t
- 重新加载 Nginx 配置
bash
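# Reload nginx only when the configuration passes validation.
# `nginx -s reload` merely signals the master process; a rejected configuration
# is reported in the error log rather than on the terminal, so the check is
# repeated here to make a bad config visible before the signal is sent.
nginx -t && nginx -s reload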
- OpenSSL 生成自签名证书(需要在上面的 nginx -t 之前完成,并把生成的 server.crt、server.key 放到配置文件引用的 /opt/crt/ 目录下,否则配置检查会因为找不到证书而失败)
bash
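# Generate a self-signed certificate for the load balancer.
# The nginx config on this page reads /opt/crt/server.crt and
# /opt/crt/server.key, so run these commands inside /opt/crt (or copy the
# resulting files there) before running `nginx -t`.
(
  # Create the private key with owner-only permissions.
  umask 077
  openssl genpkey -algorithm RSA -out server.key -pkeyopt rsa_keygen_bits:2048
)
# Interactive prompt: enter the server IP as the Common Name.
openssl req -new -key server.key -out server.csr
# `x509 -req` does not copy extensions from the CSR by default, so the IP is
# bound here through a subjectAltName extension; clients that verify the
# certificate match an IP address against the SAN, not the Common Name.
# NOTE(review): -days 36500 makes the certificate valid for about 100 years;
# a compromised key stays usable for that long unless the certificate is
# replaced everywhere it is trusted.
openssl x509 -req -in server.csr -signkey server.key -out server.crt -days 36500 \
  -extfile <(printf 'subjectAltName=IP:192.168.1.155\n')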
- 开启443端口
bash
# Allow inbound HTTPS in the public zone.
# --permanent only changes the saved configuration; the --reload that follows
# applies it to the running firewall.
# NOTE(review): only 443/tcp is opened here, so the port-80 server block that
# redirects HTTP to HTTPS stays unreachable from outside unless 80/tcp is
# opened as well.
firewall-cmd --permanent --zone=public --add-port=443/tcp
firewall-cmd --reload
- 验证
bash
# Smoke-test the HTTPS listener on the load balancer.
# --insecure (the long form of -k) disables certificate verification, so this
# only shows that the endpoint answers; it says nothing about whether the
# certificate is valid for 192.168.1.155. Once the certificate carries the IP
# in its subjectAltName, verify it with --cacert pointing at server.crt.
curl --insecure https://192.168.1.155