https nginx 负载均衡配置

我的系统是OpenEuler。

• 安装nginx

yum install -y nginx

• 启动&开机启动

systemctl start nginx
systemctl enable nginx

• 自定义conf配置文件

cat <<EOF >> /etc/nginx/conf.d/load_balancer.conf
upstream backend {
	ip_hash; # 防止验证码验证失败
	server 192.168.1.150:443;
	server 192.168.1.153:443;
}

server {
	listen 80;
	# 使用 IP 地址作为 server_name
	server_name 192.168.1.155;
	# 将 HTTP 请求重定向到 HTTPS
	return 301 https://$host$request_uri;
	# 日志配置
	access_log /var/log/nginx/192.168.1.155_http_access.log;
	error_log /var/log/nginx/192.168.1.155_http_error.log;
}

server {
	listen 443 ssl;
	# 使用 IP 地址作为 server_name
	server_name 192.168.1.155;

	# SSL 证书配置，使用自签名证书
	ssl_certificate /opt/crt/server.crt;
	ssl_certificate_key /opt/crt/server.key;

	# SSL 优化配置
	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
	ssl_prefer_server_ciphers on;

	# 日志配置
	access_log /var/log/nginx/192.168.1.155_https_access.log;
	error_log /var/log/nginx/192.168.1.155_https_error.log;

	# 错误处理配置
	error_page 404 /404.html;
	error_page 500 502 503 504 /50x.html;

	location = /404.html {
		root /usr/share/nginx/html;
	}

	location = /50x.html {
		root /usr/share/nginx/html;
	}

	location / {
		proxy_pass https://backend;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
		# 处理 HTTPS 相关配置
		proxy_ssl_server_name on;
	}
}
EOF

• 检查配置文件的语法是否正确

nginx -t

• 重新加载 Nginx 配置

nginx -s reload

• OpenSSL 生成自签名证书

openssl genpkey -algorithm RSA -out server.key -pkeyopt rsa_keygen_bits:2048
        
openssl req -new -key server.key -out server.csr #【这一步建议绑定ip】
    
openssl x509 -req -in server.csr -signkey server.key -out server.crt -days 36500

• 开启443端口

firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --reload

• 验证

curl -k https://192.168.1.155