以陝歷博爲例
負載均衡Nginx配置
# http跳轉https
server {
listen 80;
server_name ticketadmin.sxhm.com;
rewrite ^(.*) https://$server_name$1 permanent;
}
upstream ticketadmin_upstream_https {
ip_hash;
# 虛擬域名
server ticketadmin04.sxhm.com:443;
server ticketadmin05.sxhm.com:443;
server ticketadmin06.sxhm.com:443;
}
server {
listen 443;
server_name ticketadmin.sxhm.com;
ssl on;
ssl_certificate /usr/local/nginx/conf/vhost/cert/sxhm_com_with_chain.crt;
ssl_certificate_key /usr/local/nginx/conf/vhost/cert/sxhm_com_server.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
ssl_prefer_server_ciphers on;
location / {
proxy_pass https://ticketadmin_upstream_https;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log /home/www/wwwlogs/ticketadmin_access.log;
error_log /home/www/wwwlogs/ticketadmin_error.log error;
}
編輯負載均衡機器的host文件,配置虛擬域名
192.168.0.4 ticketadmin04.sxhm.com
192.168.0.5 ticketadmin05.sxhm.com
192.168.0.6 ticketadmin06.sxhm.com
節點機器Nginx配置,不需要監聽80端口
server {
listen 443;
server_name ticketadmin06.sxhm.com;
ssl on;
ssl_certificate /usr/local/nginx/conf/vhost/cert/sxhm_com_with_chain.crt;
ssl_certificate_key /usr/local/nginx/conf/vhost/cert/sxhm_com_server.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
ssl_prefer_server_ciphers on;
root /home/www/wwwroot/slb_pw/public;
index index.html index.htm index.php;
include enable-php.conf;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
access_log /home/www/wwwlogs/ticketadmin_access.log;
error_log /home/www/wwwlogs/ticketadmin_error.log error;
}