公司搞了三台ECS,其中两台放web项目,另外一台装了nginx搞负载均衡,但是配置好了一直404.
刚开始是在本地内网搞了三台机子先试着配置了nginx,然后成功了。
相同的配置放在ECS上就404了,也试过不用负载单个IP指向能成功,一用upstream就404,如果给Host赋值IP的话能解决但是不知道这样是不是就没有负载均衡的功能了,实在不知道该怎么解决 orz
upstream www.keysi.com{
server 118.31.44.28;
server 116.62.143.235;
}
server {
listen 443;
server_name www.keysi.com;
ssl on;
ssl_certificate /etc/nginx/ca/server/server.crt;
ssl_certificate_key /etc/nginx/ca/server/server.key;
ssl_client_certificate /etc/nginx/ca/private/ca.crt;
ssl_session_timeout 5m;
ssl_verify_client on;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / {
#proxy_pass http://118.31.44.28;
#proxy_set_header Host "118.31.44.28";
proxy_redirect off;
proxy_pass http://www.keysi.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
刚开始是在本地内网搞了三台机子先试着配置了nginx,然后成功了。
相同的配置放在ECS上就404了,也试过不用负载单个IP指向能成功,一用upstream就404,如果给Host赋值IP的话能解决但是不知道这样是不是就没有负载均衡的功能了,实在不知道该怎么解决 orz
upstream www.keysi.com{
server 118.31.44.28;
server 116.62.143.235;
}
server {
listen 443;
server_name www.keysi.com;
ssl on;
ssl_certificate /etc/nginx/ca/server/server.crt;
ssl_certificate_key /etc/nginx/ca/server/server.key;
ssl_client_certificate /etc/nginx/ca/private/ca.crt;
ssl_session_timeout 5m;
ssl_verify_client on;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / {
#proxy_pass http://118.31.44.28;
#proxy_set_header Host "118.31.44.28";
proxy_redirect off;
proxy_pass http://www.keysi.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
server 118.31.44.28;
server 116.62.143.235;
} 端口呀,兄弟~~~~~
ssl_client_certificate /etc/nginx/ca/private/ca.crt; 这个不要,,这是客户端的 ssl_protocols TLSv1.1 TLSv1.2; 协议配这两个就行了
ssl_ciphers RC4:HIGH:!aNULL:!MD5; 加密用这,你配的漏扫过不了