一、https加密算法

http协议在传输过程中使用的是明文，如果传输的是用户名和密码等信息就不安全。https就是在原来http协议中加上ssl算法，来对传输的数据进行加密。https加密的核心就是通过秘钥来实现。

秘钥（加密算法）的分类：
1.对称算法(加密和解密用一样的密码)：AES,DES（适合单机加密）
2.非对称算法(公钥和私钥):RSA,DSA
3.信息摘要:md5,sha256,sha512（数据完整性检验）
目前网站主要用非对称加密算法。

实现htpps加密步骤
1.生成证书和私钥（就是公钥和私钥）

 cd /home/application/nginx/conf  #一定要进入conf目录下

 openssl genrsa >my.key  #生成私钥

 openssl req -new -x509 -key my.key -out my.crt #使用私钥生成对应证书。这里除了my.crt其他不能变，且my.key与私钥文件名一样

#  openssl req -new -x509 -key my.key -out my.crt

   You are about to be asked to enter information that will be   incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

 There are quite a few fields but you can leave some blank

For some fields there will be a default value,

 If you enter '.', the field will be left blank.

 -----

Country Name (2 letter code) [XX]:CN #国家名称且必须只有两个字符

State or Province Name (full name) []: GX #省份信息随便写

Locality Name (eg, city) [Default City]:dd #城市信息，随便编写

Organization Name (eg, company) [Default Company Ltd]:kk#公司名称随便写

Organizational Unit Name (eg, section) []:ll#部门信息随便写

Common Name (eg, your name or your server's hostname) []:vv#服务器主机名随便写

Email Address []:fgf #邮箱地址随便写

2.修改nginx.conf实现网站加密

   vim /home/application/nginx/conf/nginx.conf

   # vim /home/application/nginx/conf/nginx.conf



 worker_processes  1;

 error_log logs/error.log error;

 events {

worker_connections  1024;

}

http {

include       mime.types;

default_type  application/octet-stream;

sendfile        on;

keepalive_timeout  65;

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

                 '$status $body_bytes_sent "$http_referer" '

                  '"$http_user_agent" "$http_x_forwarded_for"';

 client_header_buffer_size 512k;

large_client_header_buffers 4 512k;

 #nginx vhosts config

include extra/www.conf;

include extra/bbs.conf;

include extra/blog.conf;

include extra/status.conf;

include extra/secret.conf;  #加上加密域名配置文件

}

配置extra/secret.conf

 vim /home/application/nginx/conf/extra/secret.conf



#https server

 server {    

     listen       443 ssl;

     server_name  secret.ceishi.com;



     ssl_certificate      my.crt; #公钥

     ssl_certificate_key  my.key;#私钥



     ssl_session_cache    shared:SSL:1m;

     ssl_session_timeout  5m;



     ssl_ciphers  HIGH:!aNULL:!MD5;

     ssl_prefer_server_ciphers  on;



     location / {

        root   html/secret;

        index  index.html index.htm;

    }

}

mkdir /home/application/nginx/html/secret

echo "jiami.ceishi.com" >/home/application/nginx/html/secret/index.html

/home/application/nginx/sbin/nginx -t

/home/application/nginx/sbin/nginx -s reload

二、Nginx作为代理软件

nginx既可以作为一个web服务器也可以作为反向代理服务器。实现web服务高可用、没有单点故障，实现负载均衡功能，集群高可用。

环境搭建
两台web服务器，内容一样（装appache）
地址为：192.168.31.38 192.168.31.134;
一台nginx调度器
地址为：192.168.31.230:

配置基于域名的虚拟主机
装appache

yum install httpd -y

禁用默认的主机模式

vim /etc/httpd/conf/httpd.conf

注释下面这行内容

#DocumentRoot "/var/www/html"

添加域名的虚拟主机配置

cd /etc/httpd/conf.d/  

vim virtualhost.conf #添加如下内容

NameVirtualHost *:80 

  

 DocumentRoot "/var/www/html/bbs"

ServerName    blog.ceishi.com





以前的版本光注释了他还不行，还需要在配置文件中写明在哪个地址的哪个端口上启用虚拟主机，比如加一行：



NameVirtualHost 192.168.100.24:80，但是2.4.x的httpd版本就不需要这一行了。

 

mkdir /var/www/html/bbs



cd /var/www/html/bbs

echo "blog.3138.com">index.html

#vim /etc/hosts

192.168.31.38 linux7.6 blog.ceishi.com

#curl -L  blog.ceishi.com            #测试          

 blog.3138.com

配置代理服务器nginx

worker_processes  1;

error_log logs/error.log error;

events {

   worker_connections  1024;

 }

 http {

 include       mime.types;

 default_type  application/octet-stream;

 sendfile        on;

 keepalive_timeout  65;

  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

               '$status $body_bytes_sent "$http_referer" '

                '"$http_user_agent" "$http_x_forwarded_for"';

   upstream bbs-server-pools{  #upstream标签放在http里server标签外

   此处注意upstream后面的名字不能是这样的下划线bbs_server_pools，否则出现400错误

      server 192.168.31.38:80;   #web服务器地址

      server 192.168.31.134:80;

      }

 #nginx vhosts config

 include extra/www.conf;

  include extra/bbs.conf;

   include extra/blog.conf;  

  include extra/status.conf;

    }

修改server标签配置

    #vim  nginx/conf/extra/bbs.conf

    server {

 listen       80;

 server_name  bbs.ceishi.com;

 location / {

    # root   html/bbs;

    # index  index.html index.htm;

   proxy_pass http://bbs-server-pools;  #传递给bbs_server_pools

    }

    }

客户端测试
客户端ip为：192.168.31.128

   vim /etc/hosts

 127.0.0.1   localhost localhost.localdomain localhost4   localhost4.localdomain4

  ::1         localhost localhost.localdomain localhost6  localhost6.localdomain6

 192.168.31.230 bbs.ceishi.com  #写的时nginx代理的地址

 #curl bbs.ceishi.com

  31.134bbs.com

  #curl bbs.ceishi.com

     bbs.31.128.com

    for i in 'seq 10' ;do curl bbs.ceishi.com; sleep 1;done