
基于https的负载均衡配置

一. 拓扑

二.证书生成

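# Generating the server certificate (self-signed).
#
# Every file written below is, or contains, private-key material, so create
# them owner-only instead of relying on whatever umask the shell inherited.
umask 077

# 1. Generate the private key (.key).
#    2048-bit RSA key stored encrypted under a passphrase; hdm.key is the key
#    file name. AES-256 replaces the legacy 3DES (-des3) key wrapping.
openssl genrsa -aes256 -out hdm.key 2048

# 2. Generate the certificate signing request (.csr); it carries the public key.
openssl req -new -key hdm.key -out hdm.csr

# 3. Self-sign the request to produce hdm.crt, valid for 365 days.
#    No CA vouches for this certificate: clients can only verify it if hdm.crt
#    is distributed to them as a trust anchor, and it has to be reissued
#    before the 365 days run out.
openssl x509 -req -days 365 -in hdm.csr -signkey hdm.key -out hdm.crt

# 4. Bundle certificate and key into one PEM file, hdm.pem.
#    The key appended here is the passphrase-encrypted one from step 1.
#    nginx sends only the certificate part to clients, but the file still
#    holds key material and must be protected like a key file.
cat hdm.crt hdm.key > hdm.pem

# 5. Strip the passphrase so the server can start unattended.
#    hdm.key.unsecure is the private key in the clear: anyone who can read it
#    can impersonate the server. Keep it root-only and out of backups, images
#    and version control.
openssl rsa -in hdm.key -out hdm.key.unsecure

# Resulting files (listing from the author's host, where the files are named
# approbe.* instead of hdm.* and were created with mode 640; with the umask
# above they come out as 600):
#   -rw-r----- 1 root root 1298 Feb 21 17:35 approbe.crt           # self-signed certificate
#   -rw-r----- 1 root root 1115 Feb 21 17:34 approbe.csr           # signing request (public key)
#   -rw-r----- 1 root root 1751 Feb 21 17:30 approbe.key           # private key (encrypted)
#   -rw-r----- 1 root root 1679 Feb 22 11:05 approbe.key.unsecure  # private key, passphrase removed
#   -rw-r----- 1 root root 3049 Feb 21 17:36 approbe.pem           # certificate + key bundle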

三.nginx配置

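# Reverse-proxy backend pool.
upstream routerzhouqishangbao {
    # Alternative balancing methods, left disabled (weighted round-robin is used):
    # ip_hash;
    # least_conn;
    # fair;
    server 10.0.1.129:8001 weight=2 max_fails=3 fail_timeout=30s;
    server 10.0.1.129:8002 weight=1 max_fails=1 fail_timeout=20;
    # Receives traffic only when the two servers above are unavailable.
    server 10.0.1.129:8003 backup;
}

# IP-based virtual host that terminates TLS.
server {
    listen 8552 ssl;
    server_name 11.xx.18.xx;

    # approbe.pem is the certificate bundle; the key actually loaded is the
    # passphrase-less copy, so this file must be readable by root only.
    ssl_certificate     /usr/local/nginx/conf/ssl/approbe.pem;
    ssl_certificate_key /usr/local/nginx/conf/ssl/approbe.key.unsecure;
    keepalive_timeout 70;

    # TLS 1.0 and 1.1 are deprecated, so only TLS 1.2 is offered. Add TLSv1.3
    # here if the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    # The previous list offered RC4, 3DES and an MD5-based suite, all with
    # static RSA key exchange (no forward secrecy). These are ECDHE + AEAD
    # suites for an RSA certificate. Clients that only speak the old suites
    # will fail the handshake, so check the client population before rollout.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    location /rest/softprobe {
        # TLS ends at nginx: traffic to the upstream servers is plain HTTP,
        # so the segment to 10.0.1.129 has to be a trusted network.
        proxy_pass http://routerzhouqishangbao;

        # With the forwarding headers below disabled, the backends see nginx
        # as the client; enable them if backend logs or access rules need the
        # real client address and original scheme.
        #proxy_set_header Host $host;
        #proxy_set_header X-Real-IP $remote_addr;
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header X-Forwarded-Proto $scheme;
        #proxy_set_header Host $host:$server_port;
        #proxy_intercept_errors on;
        #index index.html index.htm index.jsp default.jsp index.do default.do;
        #root /usr/local/nginx/html/;
        #index index.html;
    }
}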

四.测试

# Smoke test; mind the access permissions on the path to the listener.
# --insecure (-k) skips certificate verification, which is what lets the
# self-signed certificate through: it shows the listener answers, not that the
# certificate is trustworthy. --tlsv1 asks for TLS 1.0 or later.
curl --insecure --tlsv1 "https://10.21.xx.10:8552/"

# Requests per second from the access log: take the timestamp that follows
# the "- -" fields, count identical seconds, and list the busiest 200.
awk -F '- -' '{print $2}' access.log \
    | cut -c 3-23 \
    | sort \
    | uniq -c \
    | sort -rn \
    | head -n 200
# Sample output (requests, second):
#   1399 22/Feb/2022:15:35:55
#   1397 22/Feb/2022:14:21:03
#   1367 22/Feb/2022:16:07:16
#   1315 22/Feb/2022:17:03:10
#   1290 22/Feb/2022:16:43:50
#   1279 22/Feb/2022:15:32:25
#   1252 22/Feb/2022:15:06:12
#   1251 22/Feb/2022:14:21:04
#   1234 22/Feb/2022:16:16:41
#   1220 22/Feb/2022:14:21:05
#   1218 22/Feb/2022:16:11:11
#   1170 22/Feb/2022:14:59:26
#   1160 22/Feb/2022:16:44:52
#   1158 22/Feb/2022:15:53:00
#   1125 22/Feb/2022:14:15:47