//环境介绍
1.nginx服务器:10.10.54.157
2.配置nginx服务器,当监听到来自客户端www.zijian.com:80请求时,转到10.10.54.150:1500这个web服务器上
3.配置nginx服务器支持ssl加密传输协议
//生成nginx服务器需要的证书文件
1.创建网站证书存放目录shell> mkdir /usr/local/nginx/conf/sslshell> cd /usr/local/nginx/conf/ssl2.制作CA证书shell> openssl genrsa -des3 -out ca.key 2048shell> openssl req -new -x509 -days 7305 -key ca.key -out ca.crt3.生成nginx服务器所需证书,并用CA签名shell> openssl genrsa -des3 -out client.key 1024shell> openssl req -new -key client.key -out client.csrshell> openssl x509 -req -in client.csr -out client.pem -signkey client.key -CA ca.crt -CAkey ca.key -CAcreateserial -days 36504.查看证书文件shell> pwd/usr/local/nginx/conf/sslshell> lsca.crt ca.key ca.srl client.csr client.key client.pem//配置nginx支持ssl传输协议
shell> vim /usr/local/nginx/conf/nginx.conf------------------------------------------------user apache apache;worker_processes 2;error_log logs/error_nginx.log;pid logs/nginx.pid;events { worker_connections 1024;}http { include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log logs/access_nginx.log main; sendfile on; tcp_nopush on; keepalive_timeout 65; gzip on;server { listen 443; server_name www.test.com; charset uft-8; access_log logs/test.log main; root /var/www/html; location / { index index.html index.htm; } ssl on; ssl_certificate /usr/local/nginx/conf/ssl/client.pem; ssl_certificate_key /usr/local/nginx/conf/ssl/client.key; }}--------------------------------------------------------#上面的配置只支持https://www.zijian.com 访问,因为监听端口只开了443端口,普通的http协议的80端口并未开放#要开放http和https,再加上下面这一条server------------------------------------------------server { listen 80; server_name www.test.com; charset uft-8; access_log logs/test main; root /var/www/html; location / { proxy_pass http://10.11.54.150:1500; } } #当用户使用http协议浏览该网站时,自动跳转到10.11.54.150:1500上
