Configuring DNS hijacking
1. Configure web01 as the legitimate site
```bash
[root@web01 conf.d]# cat static.conf
server {
    listen 80;
    server_name static.com;
    location / {
        root /code/test01;
        index index.html;
    }
}
[root@web01 conf.d]# cd -
/code/test01
[root@web01 test01]# cat index.html
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>我是title</title>
</head>
<body>
<article>
    <header>
        <h1>我是妹妹</h1>
        <p>创建时间:<time pubdate="pubdate">2025/11/17</time></p>
    </header>
    <p>
        <b>Aticle</b>第一次用h5写文章,好他*的紧张...
    </p>
    <footer>
        <p><small>版权所有!</small></p>
    </footer>
</article>
</body></html>
```
2. Configure web02 as the hijacking site and define the content it injects, simulating what an attacker's hijack would do
```bash
[root@web02 conf.d]# cat static.conf
server {
    listen 80;
    server_name static.com;
    location / {
        proxy_pass http://192.168.74.7;
        proxy_set_header Host $http_host;
        sub_filter '<h1>我是妹妹' '<h1>澳门赌场 德州扑克 牛牛 老虎机随时提现 ';
        sub_filter '<b>Aticle</b>第一次用h5写文章,好他*的紧张...' '<img src="https://img0.baidu.com/it/u=2001165379,4043770015&fm=253&fmt=auto&app=138&f=JPEG?w=634&h=356">';
        sub_filter '<small>版权所有' ' <small>开源';
    }
}
```
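A monitoring-side check for the rewriting that web02 performs above, as an added example that is not part of the original notes: it compares the served body against a known-good SHA-256 of web01's page and reports which lines were altered. The sample bodies are constructed, and the function names, the `injected.example` host and the `INJECTED-*` strings are placeholders assumed for illustration.

```python
import difflib
import hashlib

# Constructed sample: lines abridged from the index.html that web01 serves.
ORIGIN_BODY = (
    "<h1>我是妹妹</h1>\n"
    '<p>创建时间:<time pubdate="pubdate">2025/11/17</time></p>\n'
    "<b>Aticle</b>第一次用h5写文章\n"
    "</p>\n"
    "<p><small>版权所有!</small></p>\n"
)

# Constructed sample: the same page after an on-path proxy rewrote three
# fragments. The replacement strings are placeholders, not the page's values.
SERVED_BODY = (
    ORIGIN_BODY.replace("<h1>我是妹妹", "<h1>INJECTED-HEADLINE")
    .replace("<b>Aticle</b>", '<img src="http://injected.example/ad.jpg">')
    .replace("<small>版权所有", "<small>INJECTED-FOOTER")
)

# Digest of the UTF-8 body; store the origin's value as the known-good baseline.
def sha256_hex(body: str) -> str:
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

def changed_spans(expected: str, served: str):
    """Return (first_line_no, expected_lines, served_lines) per altered region."""
    exp, got = expected.splitlines(), served.splitlines()
    matcher = difflib.SequenceMatcher(a=exp, b=got, autojunk=False)
    return [
        (i1 + 1, exp[i1:i2], got[j1:j2])
        for tag, i1, i2, j1, j2 in matcher.get_opcodes()
        if tag != "equal"
    ]

def check_integrity(known_good_sha256: str, expected: str, served: str) -> dict:
    """Compare the served body with the baseline digest and locate any edits."""
    served_digest = sha256_hex(served)
    intact = served_digest == known_good_sha256
    changes = [] if intact else changed_spans(expected, served)
    return {"intact": intact, "served_sha256": served_digest, "changes": changes}

if __name__ == "__main__":
    baseline = sha256_hex(ORIGIN_BODY)
    for name, body in (("direct from web01", ORIGIN_BODY), ("via proxy", SERVED_BODY)):
        print(name, check_integrity(baseline, ORIGIN_BODY, body))
```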
Configuring HTTPS
1. Generate the certificate
```bash
[root@web01 nginx]# mkdir -p /etc/nginx/ssl_key
[root@web01 nginx]# cd ssl_key/
[root@web01 ssl_key]# openssl genrsa -idea -out server.key 2048
Generating RSA private key, 2048 bit long modulus
.............................................................+++
......+++
e is 65537 (0x10001)
Enter pass phrase for server.key: # passphrase: 123456
Verifying - Enter pass phrase for server.key: # passphrase: 123456
[root@web01 ssl_key]# openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
Generating a 2048 bit RSA private key
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:js
Locality Name (eg, city) [Default City]:js
Organization Name (eg, company) [Default Company Ltd]:laoli
Organizational Unit Name (eg, section) []:laoli
Common Name (eg, your name or your server's hostname) []:static.com
Email Address []:123@qq.com
[root@web01 ssl_key]# pwd
/etc/nginx/ssl_key
[root@web01 ssl_key]# ll
total 8
-rw-r--r--. 1 root root 1367 Nov 16 22:39 server.crt
-rw-r--r--. 1 root root 1704 Nov 16 22:39 server.key
```
2. Configure the certificate
```bash
[root@web01 conf.d]# cat static.conf
server {
    listen 80;
    server_name static.com;
    return 302 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name static.com;
    ssl_certificate /etc/nginx/ssl_key/server.crt;
    ssl_certificate_key /etc/nginx/ssl_key/server.key;
    root /code/test01/;
    location / {
        index index.html index.htm;
    }
}
```
3. Configuration successful

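Implementing HTTPS in a cluster environment
Terminating HTTPS at the load balancer
1. Install Nginx and prepare the SSL certificate (placed in the /ssl_key directory)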
```bash
[root@localhost ssl_key]# ls
server.crt server.key
```
2. Configuration file (/etc/nginx/conf.d/static.conf)
```bash
[root@localhost conf.d]# cat static.conf
upstream webs {
    server 192.168.74.7;
    server 192.168.74.8;
}
server {
    listen 80;
    server_name static.com;
    return 302 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    ssl_certificate /ssl_key/server.crt;
    ssl_certificate_key /ssl_key/server.key;
    server_name static.com;
    location / {
        proxy_pass http://webs;
        include proxy_params;
    }
}
```
3. Back-end web node (web01, web02) configuration
No SSL certificate is needed on the back-end nodes; they only have to serve HTTP:
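```bash
# Configuration for web01 and web02 (/etc/nginx/conf.d/static.conf)
server {
    listen 80;
    server_name static.com; # same domain name as on the load balancer
    root /code/test01; # static file directory (keep the content identical on both nodes)
    location / {
        index index.html;
    }
}
```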
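These are my personal study notes, kept mainly to record my own understanding and organization of the material. Since I am still learning and exploring, the content will inevitably contain misunderstandings or omissions, and I sincerely welcome corrections and suggestions from more experienced readers. If you see things differently, rational discussion is welcome. Thank you for your patience and corrections!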