https nginx 负载均衡配置

我的系统是OpenEuler。

• 安装nginx

yum install -y nginx

• 启动&开机启动

systemctl start nginx
systemctl enable nginx

• 自定义conf配置文件

cat <<EOF >> /etc/nginx/conf.d/load_balancer.conf
upstream backend {ip_hash; # 防止验证码验证失败server 192.168.1.150:443;server 192.168.1.153:443;
}server {listen 80;# 使用 IP 地址作为 server_nameserver_name 192.168.1.155;# 将 HTTP 请求重定向到 HTTPSreturn 301 https://$host$request_uri;# 日志配置access_log /var/log/nginx/192.168.1.155_http_access.log;error_log /var/log/nginx/192.168.1.155_http_error.log;
}server {listen 443 ssl;# 使用 IP 地址作为 server_nameserver_name 192.168.1.155;# SSL 证书配置，使用自签名证书ssl_certificate /opt/crt/server.crt;ssl_certificate_key /opt/crt/server.key;# SSL 优化配置ssl_protocols TLSv1.2 TLSv1.3;ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;ssl_prefer_server_ciphers on;# 日志配置access_log /var/log/nginx/192.168.1.155_https_access.log;error_log /var/log/nginx/192.168.1.155_https_error.log;# 错误处理配置error_page 404 /404.html;error_page 500 502 503 504 /50x.html;location = /404.html {root /usr/share/nginx/html;}location = /50x.html {root /usr/share/nginx/html;}location / {proxy_pass https://backend;proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Forwarded-Proto $scheme;# 处理 HTTPS 相关配置proxy_ssl_server_name on;}
}
EOF

• 检查配置文件的语法是否正确

nginx -t

• 重新加载 Nginx 配置 

nginx -s reload

• OpenSSL 生成自签名证书

openssl genpkey -algorithm RSA -out server.key -pkeyopt rsa_keygen_bits:2048openssl req -new -key server.key -out server.csr #【这一步建议绑定ip】openssl x509 -req -in server.csr -signkey server.key -out server.crt -days 36500

• 开启443端口 

firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --reload

• 验证 

curl -k https://192.168.1.155