一年四季

linux

安装nginx 反向代理 负载均衡

By charlie

源码安装nginx

1、下载nginx源码,地址 http://nginx.org/en/download.html

2、编译,编译参数参考 http://nginx.org/en/linux_packages.html 里面的 configure arguments 一节。

[code language=”bash”]
./configure –prefix=/usr/local/nginx –user=nginx –group=nginx –with-http_ssl_module –with-http_realip_module –with-http_addition_module –with-http_sub_module –with-http_dav_module –with-http_flv_module –with-http_mp4_module –with-http_gunzip_module –with-http_gzip_static_module –with-http_random_index_module –with-http_secure_link_module –with-http_stub_status_module –with-http_auth_request_module –with-threads –with-stream –with-stream_ssl_module –with-http_slice_module –with-mail –with-mail_ssl_module –with-file-aio –with-http_v2_module –with-ipv6
[/code]

如果要使用fair这个反向代理策略,需要在configure的时候加上fair模块。下载fair组件  https://github.com/gnosek/nginx-upstream-fair/tree/master。加上参数

--add-module=path/to/upstream_fair/directory

3、安装

[code language=”bash”]
make && make install
[/code]

配置反向代理

打开/usr/local/nginx/conf/nginx.conf 文件,添加以下内容

[code language=”text”]
upstream test{
server 192.168.1.x:xxx;
server 192.168.1.x:xxx down;
server 192.168.1.x:xxx backup;
}
server{
listen 443 ssl;
listen 80;
server_name xxx.xxx.com;

ssl_certificate /etc/letsencrypt/live/xxx.xxx.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xxx.xxx.com/privkey.pem;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers ‘ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA’;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;

location / {
proxy_pass http://test/;
}
}
[/code]

负载均衡配置参考官方文档 https://www.nginx.com/resources/admin-guide/load-balancer/

server配置参考官方文档 https://www.nginx.com/resources/admin-guide/nginx-web-server/

let’s encrypt https 通道设置 参考 https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-centos-7

By charlie

Related Post

linux

centos7 kvm 简单操作

charlie
linux 计算机

LINUX下PYTHON MariaDB 开发环境

charlie
linux 数据库 计算机

linux下python oracle 开发环境

charlie

发表回复

您的电子邮箱地址不会被公开。 必填项已用 * 标注

You Missed

java

发布jar包到maven私服

linux

centos7 kvm 简单操作

办公

刻录U盘启动盘

linux 计算机

LINUX下PYTHON MariaDB 开发环境