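Table of contents
- 1. Set up Discuz
- 2. More on rewrite rules
- 1) rewrite matching priority
- 2) rewrite global variables
- 1. Simulate a website being tampered with
- 2. HTTPS certificate types
- 1) Choosing a certificate to buy
- 2) Notes on HTTPS certificates
- 1. Environment preparation
- 2. Configure the web servers (two machines)
- 3. Push/upload the certificate files
- 4. Configure nginx on the load balancer
- 5. Configure hosts and test access
- 1. Configure the blog nginx config file on the web servers
- 2. Configure the Zhihu config file on the web servers
- 3. Configure the load balancer
- 4. Configure hosts and test access
- 5. Configure phpMyAdmin on the web servers
- 6. Configure the load balancer for phpMyAdmin
I. rewrite pseudo-static example
1. Set up Discuz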
server {
    listen 80;
    server_name discuz.linux.com;
    location / {
        root /code/discuz/upload;
        index index.php;
        rewrite ^([^\.]*)/topic-(.+)\.html$ $1/portal.php?mod=topic&topic=$2 last;
        rewrite ^([^\.]*)/article-([0-9]+)-([0-9]+)\.html$ $1/portal.php?mod=view&aid=$2&page=$3 last;
        rewrite ^([^\.]*)/forum-(\w+)-([0-9]+)\.html$ $1/forum.php?mod=forumdisplay&fid=$2&page=$3 last;
        rewrite ^([^\.]*)/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=viewthread&tid=$2&extra=page%3D$4&page=$3 last;
        rewrite ^([^\.]*)/group-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=group&fid=$2&page=$3 last;
        rewrite ^([^\.]*)/space-(username|uid)-(.+)\.html$ $1/home.php?mod=space&$2=$3 last;
        rewrite ^([^\.]*)/blog-([0-9]+)-([0-9]+)\.html$ $1/home.php?mod=space&uid=$2&do=blog&id=$3 last;
        rewrite ^([^\.]*)/(fid|tid)-([0-9]+)\.html$ $1/archiver/index.php?action=$2&value=$3 last;
        rewrite ^([^\.]*)/([a-z]+[a-z0-9_]*)-([a-z0-9_\-]+)\.html$ $1/plugin.php?id=$2:$3 last;
        if (!-e $request_filename) {
            return 404;
        }
    }
    location ~* \.php$ {
        root /code/discuz/upload;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
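The syntax is if (condition) {…}  # evaluates the given condition.
If the condition is true, the rewrite directives inside the braces are executed. The if condition can be any of the following:
a: When the expression is just a variable, an empty value or any string starting with 0 is treated as false; everything else is true.
b: To compare a variable directly with a value, use = or !=
if ($http_host = mumusir.com) {
    rewrite (.*) http://www.mumusir.com;
}
c: Regular expression matching: ~ matches a regular expression (case-sensitive), ~* is a case-insensitive match, and !~ and !~* are the negations.
Note: a regular expression normally does not need to be quoted, but if it contains a closing brace "}" or a semicolon ";", the whole regular expression must be put in quotes.
Other operators:
-f and !-f test whether the requested file exists
-d and !-d test whether the requested directory exists
-e and !-e test whether the requested file or directory exists
-x and !-x test whether the requested file is executable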
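The comparison, regex and file-test forms above, together with the quoting rule, in one server block. This is an added example, not configuration from the original post; the document root /code/www and the /download/ and /upload/ paths are assumptions made for illustration.

```nginx
server {
    listen 80;
    server_name mumusir.com www.mumusir.com;   # domain reused from the example above
    root /code/www;                            # assumed document root

    # b: exact string comparison; the bare domain is sent to the www host
    if ($host = mumusir.com) {
        return 301 http://www.mumusir.com$request_uri;
    }

    location /download/ {                      # assumed path
        # c: !~ is a negated, case-sensitive match. The quantifier {1,64}
        #    contains braces, so the whole regex must be quoted; unquoted,
        #    nginx would read the "{" as the start of a block.
        if ($uri !~ "^/download/[a-z0-9_-]{1,64}\.(zip|tar\.gz)$") {
            return 404;
        }
        # file test: only serve names that exist as regular files
        if (!-f $request_filename) {
            return 404;
        }
    }

    location /upload/ {                        # assumed path
        # c: ~* ignores case, so .PHP and .Php are refused as well.
        #    No braces or semicolons in the regex, so no quotes are needed.
        if ($uri ~* \.(php|phtml)$) {
            return 403;
        }
    }
}
```

Only `return` is used inside the location-level `if` blocks, which keeps their behaviour predictable; `nginx -t` rejects the first regex if the quotes are removed.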
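2. More on rewrite rules
1) rewrite matching priority
1. The rewrite in the server block is executed first
2. Then a location is selected according to the location matching rules
3. Finally the rewrite inside that location is executed
server {
    listen 80;
    server_name discuz.linux.com;
    rewrite ^(.*)$ http://www.mumusir.com;
    access_log /var/log/1.log;
    location = / {
        rewrite ^(.*)$ http://www.baidu.com;
        access_log /var/log/2.log;
    }
    location /test {
        rewrite ^(.*)$ http://www.jingdong.com;
        access_log /var/log/3.log;
    }
}
# Log file directives are read from the outside in, and take effect from the inside out;
# rewrite rules are read from the outside in and also take effect from the outside in; the first rewrite encountered takes effect immediately;
2) rewrite global variables
$server_name       # current domain name
$request_filename  # directory and file of the request, including the site root
$request_uri       # directory and file of the request, without the site root
server {
    listen 80;
    server_name www.linux.com;
    root /code;
    return 302 https://$server_name$request_uri;
}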
http://www.linux.com/test/1.txt
$server_name = www.linux.com
$request_filename = /code/test/1.txt
$request_uri =
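II. HTTPS
1. Simulate a website being tampered with
2. HTTPS certificate types
1) Choosing a certificate to buy
1. Protect a single domain: www.mumusir.com
2. Protect multiple domains: www. test. cdn. image. class.
3. Protect a wildcard domain: *.mumusir.com
2) Notes on HTTPS certificates
1. HTTPS certificates cannot be renewed; when a certificate expires you have to apply for a new one and replace it
2. HTTPS does not support third-level domain resolution, e.g. test.m.haoda.com
3. If HTTPS is shown in green, every URL on the site is https
If HTTPS is shown in yellow, the site's code contains insecure http links
If HTTPS is shown in red, the certificate is fake or has expired.
3. Configure HTTPS on a single server
1) Generate the certificate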
[root@web01 ~]# cd /etc/nginx/ssl_key/
[root@web01 ssl_key]# openssl genrsa -idea -out server.key 2048
[root@web01 ssl_key]# openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
[root@web01 ssl_key]# ll
total 8
-rw-r--r-- 1 root root 1375 Mar 5 15:15 server.crt
-rw-r--r-- 1 root root 1704 Mar 5 15:15 server.key
[root@web01 ssl_key]#
2) Configure the certificate
server {
    listen 443 ssl;
    server_name s.linux.com;
    #ssl on;
    ssl_certificate /etc/nginx/ssl_key/server.crt;
    ssl_certificate_key /etc/nginx/ssl_key/server.key;
    location / {
        root /code/https;
        index index.html;
    }
}
server {
    listen 80;
    server_name s.linux.com;
    #rewrite (.*) https://$server_name$1 redirect;
    return 302 https://$server_name$request_uri;
}
III. Site-wide HTTPS
1. Environment preparation
Host | External IP | Internal IP | Role |
lb01 | 10.0.0.4 | 172.16.1.4 | Load balancer |
web01 | | 172.16.1.7 | Web server |
web02 |
2. Configure the web servers (two machines)
[root@web01 conf.d]# vim s.linux.com.conf
server {
    listen 80;
    server_name s.linux.com;
    location / {
        root /code/https;
        index index.html;
    }
}
[root@web01 conf.d]# systemctl restart nginx
# Sync the config file
[root@web01 conf.d]# scp s.linux.com.conf 172.16.1.8:/etc/nginx/conf.d/
# Create the site directory and files
[root@web01 conf.d]# mkdir /code/https
[root@web01 conf.d]# echo "https1111" > /code/https/index.html
[root@web02 conf.d]# mkdir /code/https
[root@web02 conf.d]# echo "https2222" > /code/https/index.html
[root@web01 conf.d]# chown -R www.www /code/https/
[root@web02 conf.d]# chown -R www.www /code/https/
3. Push/upload the certificate files
[root@web01 conf.d]# scp -r /etc/nginx/ssl_key 172.16.1.4:/etc/nginx/
4. Configure nginx on the load balancer
[root@lb01 conf.d]# vim s.linux.com.conf
upstream webserver {
    server 172.16.1.7:80;
    server 172.16.1.8:80;
}
server {
    listen 443 ssl;
    server_name s.linux.com;
    ssl_certificate /etc/nginx/ssl_key/server.crt;
    ssl_certificate_key /etc/nginx/ssl_key/server.key;
    location / {
        proxy_pass http://webserver;
        proxy_set_header host $http_host;
    }
}
server {
    listen 80;
    server_name s.linux.com;
    return 302 https://$server_name$request_uri;
}
5. Configure hosts and test access
IV. Site-wide HTTPS for the projects
1. Configure the blog nginx config file on the web servers
[root@web01 conf.d]# vim blog.linux.com.conf
server {
    listen 80;
    server_name blog.linux.com;
    location / {
        root /code/wordpress;
        index index.php;
    }
    location ~* \.php$ {
        root /code/wordpress;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
[root@web01 conf.d]# scp blog.linux.com.conf 172.16.1.8:/etc/nginx/conf.d/
2. Configure the Zhihu config file on the web servers
[root@web01 conf.d]# vim zh.linux.com.conf
server {
    listen 80;
    server_name zh.linux.com;
    location / {
        root /code/wecenter;
        index index.php;
    }
    location ~* \.php$ {
        root /code/wecenter;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
[root@web01 conf.d]# scp zh.linux.com.conf 172.16.1.8:/etc/nginx/conf.d/
3. Configure the load balancer
[root@lb01 conf.d]# vim proxy_https.conf
upstream web {
    server 172.16.1.7:80;
    server 172.16.1.8:80;
}
server {
    listen 443 ssl;
    server_name blog.linux.com;
    ssl_certificate /etc/nginx/ssl_key/server.crt;
    ssl_certificate_key /etc/nginx/ssl_key/server.key;
    location / {
        proxy_pass http://web;
        include proxy_params;
    }
}
server {
    listen 80;
    server_name blog.linux.com;
    return 302 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name zh.linux.com;
    ssl_certificate /etc/nginx/ssl_key/server.crt;
    ssl_certificate_key /etc/nginx/ssl_key/server.key;
    location / {
        proxy_pass http://web;
        include proxy_params;
    }
}
server {
    listen 80;
    server_name zh.linux.com;
    return 302 https://$server_name$request_uri;
}
[root@lb01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@lb01 conf.d]# systemctl restart nginx
4. Configure hosts and test access
# The page layout is broken; enable HTTPS mode when passing requests to PHP
server {
    ... ...
    location ~* \.php$ {
        root /code/wecenter;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # Enable HTTPS mode
        fastcgi_param HTTPS on;
        include fastcgi_params;
    }
}
5. Configure phpMyAdmin on the web servers
[root@web01 conf.d]# vim phpmyadmin.conf
server {
    listen 80;
    server_name php.linux.com;
    location / {
        root /code/phpmyadmin;
        index index.php;
    }
    location ~ \.php$ {
        root /code/phpmyadmin;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
[root@web01 conf.d]# scp phpmyadmin.conf 172.16.1.8:/etc/nginx/conf.d/
6. Configure the load balancer for phpMyAdmin
[root@lb01 conf.d]# vim phpmyadmin_proxy.conf
upstream phpmyadmin {
    server 10.0.0.7;
    server 10.0.0.8;
}
server {
    listen 443 ssl;
    server_name php.linux.com;
    ssl_certificate /etc/nginx/ssl_key/server.crt;
    ssl_certificate_key /etc/nginx/ssl_key/server.key;
    location / {
        proxy_pass http://phpmyadmin;
        include proxy_params;
    }
}
server {
    listen 80;
    server_name php.linux.com;
    return 302 https://$server_name$request_uri;
}
[root@lb01 conf.d]# systemctl restart nginx
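V. Configuring HTTPS on Alibaba Cloud
1. Buy a cloud host
2. Set up DNS resolution for the domain
3. Apply for the HTTPS certificate for the domain
4. Deploy the HTTPS certificate to the server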