本地wordpress的HTTPS
1、自建证书
openssl由三部分组成: libcrpto:通用加密库 libssl:TSL/SSL组成库,基于会话实现了身份认证,数据加密和会话完整性。 openssl:提供命令行工具,例如模拟创建证书,查看证书信息 1、安装openssl yum install openssl openssl-devel -y 2、创建证书目录 mkdir /etc/nginx/ssl_key 3、进入目录 cd /etc/nginx/ssl_key 4、输入密码,创建私钥文件,至少4位 [root@web-7 /etc/nginx/ssl_key]#openssl genrsa -idea -out server.key 2048 Generating RSA private key, 2048 bit long modulus ...................................+++ .............+++ e is 65537 (0x10001) Enter pass phrase for server.key:afei11 Verifying - Enter pass phrase for server.key:afei11 填写证书文件 [root@web-7 /etc/nginx/ssl_key]#openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt Generating a 2048 bit RSA private key ............................................................................................................................+++ ..................................................................................+++ writing new private key to 'server.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:BJ Locality Name (eg, city) [Default City]:BJ Organization Name (eg, company) [Default Company Ltd]:afeitt.cn Organizational Unit Name (eg, section) []:afeitt.cn Common Name (eg, your name or your server's hostname) []:afeitt.cn Email Address []:1398787859@qq.com 分别填入证书的信息 国家 省份 城市 组织 部门 主机名 邮箱 查看公私钥和证书 [root@web-7 /etc/nginx/ssl_key]#ls server.crt server.key 2、设置nginx
[root@web-7 /etc/nginx/conf.d]#cat ssl.conf server { listen 80; server_name www.afeitt.cn; rewrite ^(.*) https://$server_name$1 redirect; } server{ listen 443 ssl; server_name www.afeitt.cn; ssl_certificate ssl_key/server.crt; ssl_certificate_key ssl_key/server.key; location / { root /www; index index.html; } } 重启 [root@web-7 /etc/nginx/conf.d]#systemctl restart nginx 3、创建数据
mkdir -p /www cat >/www/index.html <<EOF <meta charset=utf8> 我是web-7的https EOF 4、访问
部署web-8
1、证书发送 [root@web-7 /etc/nginx]#scp -r ssl_key 10.0.0.8:/etc/nginx/ 2、配置文件发送 [root@web-7 /etc/nginx]#scp -r conf.d/ssl.conf 10.0.0.8:/etc/nginx/conf.d/ root@10.0.0.8's password: ssl.conf 100% 319 461.2KB/s 00:00 3、8机器查看 [root@web-8 ~]#ls /etc/nginx/ conf.d mime.types nginx.conf ssl_key fastcgi_params modules scgi_params uwsgi_params [root@web-8 ~]#ls /etc/nginx/conf.d/ php.conf ssl.conf wecenter.conf wordpress.conf 创建数据 mkdir /www cat >/www/index.html <<EOF <meta charset=utf8> 我是web-8的https EOF 重启 systemctl restart nginx 
部署lb-5机器
发放统一的证书 [root@web-7 /etc/nginx]#scp -r ssl_key 10.0.0.5:/etc/nginx/ 创建反向代理 [root@slb-5 /etc/nginx/conf.d]#cat ssl.conf upstream ssl_pools { server 172.16.1.7:443; server 172.16.1.8:443; } server { listen 80; server_name www.afeitt.cn; rewrite ^(.*) https://$server_name$1 redirect; } server { listen 443 ssl; server_name www.afeitt.cn; ssl_certificate ssl_key/server.crt; ssl_certificate_key ssl_key/server.key; location / { proxy_pass https://ssl_pools; include proxy_params.conf; } } 重启 [root@lb-5 /etc/nginx]#systemctl restart nginx 
lb负责https外网加密,后端web内网简化无须证书
lb-5机器
[root@slb-5 /etc/nginx/conf.d]#cat ssl.conf upstream ssl_pools { server 172.16.1.7; server 172.16.1.8; } server { listen 80; server_name www.afeitt.cn; rewrite ^(.*) https://$server_name$1 redirect; } server { listen 443 ssl; server_name www.afeitt.cn; ssl_certificate ssl_key/server.crt; ssl_certificate_key ssl_key/server.key; location / { proxy_pass https://ssl_pools; include proxy_params.conf; } } 重启 [root@slb-5 /etc/nginx/conf.d]#systemctl restart nginx web-7
[root@web-7 /etc/nginx]#cat conf.d/ssl.conf server { listen 80; server_name www.afeitt.cn; location / { root /www; index index.html; } } [root@web-7 /etc/nginx]#systemctl restart nginx web-8
[root@web-8 ~]#cat /etc/nginx/conf.d/ssl.conf server { listen 80; server_name www.afeitt.cn; location / { root /www; index index.html; } } [root@web-8 ~]#systemctl restart nginx 访问
wordpress支持https
1、lb-5机器的部署
[root@slb-5 /etc/nginx/conf.d]#cat wordpress.conf upstream web-pools{ server 172.16.1.7:80 weight=4; server 172.16.1.8:80 weight=1; } server{ listen 80; server_name wordpress.afeitt.cn; rewrite ^(.*) https://$server_name$1 redirect; } server { listen 443 ssl; server_name wordpress.afeitt.cn; ssl_certificate ssl_key/server.crt; ssl_certificate_key ssl_key/server.key; location / { proxy_pass http://web-pools; include /etc/nginx/proxy_params.conf; } } [root@slb-5 /etc/nginx/conf.d]#systemctl restart nginx web-7
[root@web-7 /etc/nginx]#cat conf.d/wordpress.conf server{ listen 80; server_name wordpress.afeitt.cn; root /code/wordpress; index index.php index.html; location ~* \.php$ { root /code/wordpress; fastcgi_index index.php; fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include /etc/nginx/fastcgi_params; } } [root@web-7 /etc/nginx]#systemctl restart nginx web-8
[root@web-8 ~]#cat /etc/nginx/conf.d/wordpress.conf server{ listen 80; server_name wordpress.afeitt.cn; root /code/wordpress; index index.php index.html; location ~* \.php$ { root /code/wordpress; fastcgi_index index.php; fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include /etc/nginx/fastcgi_params; } } [root@web-8 ~]#systemctl restart nginx 测试访问
原文链接:https://www.cnblogs.com/Xafei/p/16541810.html
© 版权声明
声明📢本站内容均来自互联网,归原创作者所有,如有侵权必删除。
本站文章皆由CC-4.0协议发布,如无来源则为原创,转载请注明出处。
THE END
