创建https证书

第一个里程碑：创建https证书

创建文件认证目录

mkdir /application/nginx/key/ -p

在认证目录下创建认证文件

1. openssl req -new -x509 -nodes -out server.crt -keyout server.key
2.  
3. Generating a 2048 bit RSA private key
4. .......+++
5. ......................................+++
6. writing new
   private key to 'server.key'
7. -----
8. You are about to be asked to enter information that will be incorporated
9. into your certificate request.
10. What you are about to enter is what is called a Distinguished Name or a DN.
11. There are quite a few fields but you can leave some blank
12. For some fields there will be a default
    value,
13. If you enter '.', the field will be left blank.
14. -----
15. Country Name (2 letter code) [XX]:CH
16. State or Province Name (full name) []:bj
17. Locality Name (eg, city) [Default City]:bj
18. Organization Name (eg, company) [Default Company Ltd]: 回车
19. Organizational Unit Name (eg, section) []: 回车
20. Common Name (eg, your name or your server's hostname) []: 回车
21. Email Address []: 回车

编写 nginx配置文件 （在负载均衡上配置）

1. worker_processes 1;
2. events {
3.     worker_connections 1024;
4. }
5. http {
6.     include mime.types;
7.     default_type application/octet-stream;
8.     sendfile on;
9.     keepalive_timeout 65;
10.     upstream www_pools {
11.       server 10.0.0.8;
12.    }
13.     upstream bbs_pools {
14.       server 10.0.0.7;
15.    }
16.     upstream blog_pools {
17.       server 10.0.0.9;
18.     }
19.     server {
20.         listen 443 ssl;
21.         listen 80;
22.         server_name www.etiantian.org;
23.         ssl_certificate /application/nginx/key/server.crt;
24.         ssl_certificate_key /application/nginx/key/server.key;
25.         ssl_session_cache shared:SSL:1m;
26.         ssl_session_timeout 5m;
27.         ssl_ciphers HIGH:!aNULL:!MD5;
28.         ssl_prefer_server_ciphers on;
29.         location / {
30.             proxy_pass http://www_pools;
31.             proxy_set_header Host $host;
32.             proxy_set_header X-Forwarded-For $remote_addr;
33.         }
34.     }
35.     server {
36.         listen 80;
37.             server_name bbs.etiantian.org;
38.         location / {
39.             proxy_pass http://bbs_pools;
40.             proxy_set_header Host $host;
41.             proxy_set_header X-Forwarded-For $remote_addr;
42.         }
43.     }
44.         server {
45.         listen 80;
46.             server_name c.etiantian.org;
47.         location / {
48.             proxy_pass http://bbs_pools;
49.             proxy_set_header Host $host;
50.             proxy_set_header X-Forwarded-For $remote_addr;
51.         }
52.     }
53.  
54.     server {
55.         listen 80;
56.             server_name blog.etiantian.org;
57.         location / {
58.             proxy_pass http://blog_pools;
59.             proxy_set_header Host $host;
60.             proxy_set_header X-Forwarded-For $remote_addr;
61.         }
62.     }
63. }

测试