nginx1/2:228/229 172.16.0.0/24
mysql1/mysql2:226/227 172.16.0.0/24
LB1/LB2 :224/225 192.16.3.0/24
随便一主机上生成证书/或者下载买一个
--------------------------------------------------------------------证书生成可以忽略--------------------------------------------------------------------
cd /etc/nginx/
mkdir ssl_key -p
cd ssl_key
openssl genrsa -idea -out 2.key 2048
输入两次密码后生成key
openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout 2.key -out 1.crt
输入下面问题会生成crt
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
--------------------------------------------------------------------证书生成可以忽略--------------------------------------------------------------------
1.crt和2.key放到/etc/nginx/ssl下(nginx1/2/LB1/2都放)
nginx1搭建dz
把ComsenzDiscuz-DiscuzX-master放到/usr/share/nginx/下并解压unzip
把文件夹里面的upload改名放到nginx下
即mv upload ../u
chown -R nginx.nginx u
数据库那边创建两个库
create databases u;
create databases u1;
server {
listen 80;
server_name www.le.com;
root /usr/share/nginx/u;
index index.php;
# ssl_certificate ssl/1.crt;
# ssl_certificate_key ssl/2.key;
location ~ .php$ {
root /usr/share/nginx/u;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location /status {
stub_status;
access_log off;
deny 10.0.0.1;
allow all;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
重新加载nginx开始安装dz,使用u库;
nginx2同样步骤安装但使用u1库;
安装完后进入u文件夹搜索172.16.0.226地址的文件
grep -R 172.16.0.226
[root@nginx1 u]# grep -R 172.16.0.226
config/config_ucenter.php:define('UC_DBHOST', '172.16.0.226');
config/config_global.php:$_config['db']['1']['dbhost'] = '172.16.0.226';
uc_server/data/config.inc.php:define('UC_DBHOST', '172.16.0.226');
nginx2中编辑vim config/config_global.php文件中的数据库把u1改成u即可
nginx上配置开启ssl
LB上均安装nignx(略)
-----------------------------------------nginx部分配置-------------------------------------------
server {
listen 443 ssl;
.....
ssl_certificate ssl/1.crt;
ssl_certificate_key ssl/2.key;
...................
-----------------------------两调度器配置 vim /etc/nginx/conf.d/LB.conf -----------------------------------------------
upstream le {
server 172.16.0.228:443;
server 172.16.0.229:443;
}
rewrite_log on;
server {
listen 80;
server_name www.le.com;
location / {
rewrite .* https://$server_name$1;
rewrite_log on;
error_log /var/log/nginx/1error.log notice;
}
}
server {
listen 443 ssl;
server_name www.le.com;
ssl_certificate ssl/1.crt;
ssl_certificate_key ssl/blog.2.key;
location / {
proxy_pass https://le;
include proxy_params;
access_log /var/log/nginx/ssl.log main;
}
}
-------------------------------------------------------------------------------------------------------------
[root@LB nginx]# cat proxy_params
proxy_set_header Host $http_host;冒号后面不能有空格,否则报错
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
---------------------------------------------------------------------------------------------------------------------
重载服务即可