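HTTPS = HTTP over SSL = HTTP communication encrypted with SSL
HTTPS-encrypted communication cannot be eavesdropped on by third parties. HTTPS is secure communication.
How certificates work:
Applying for a certificate from Alibaba Cloud:
Downloading the certificate:
Experiment steps
Adapt the specific commands to your actual environment.
Reference nginx.conf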
include tts.conf;
tts.conf
server{
listen 80;
server_name tts.canglaoshi.org;
return 301 https://tts.canglaoshi.org;
}
server{
listen 443;
server_name tts.canglaoshi.org;
ssl on;
ssl_certificate cert/214438499540580.pem;
ssl_certificate_key cert/214438499540580.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
root tts;
index index.html;
}
}
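Note: a domain name and its certificate are used as a pair; a certificate attests to its corresponding domain name.
What is a reverse proxy:
The advantage of a reverse-proxy cluster is that it raises the site's overall capacity for handling concurrent requests.
How the configuration works:
Configuration steps
Reference nginx.conf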
include tts.conf;
Reference demo.conf
upstream toms{
server 10.7.11.218:8080;
server 10.7.11.244:8080;
server 10.7.11.43:8080;
}
server{
listen 80;
server_name demo.canglaoshi.org;
access_log logs/demo.access.log;
error_log logs/demo.error.log;
index index.jsp index.html;
location / {
proxy_pass http://toms;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_max_temp_file_size 0;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
}
With this, requests on ports 80 and 443 can be forwarded to Tomcat's port 8080.
Configuring Nginx
Add the configuration file 1711.conf:
upstream tomcat{
server 127.0.0.1:8080;
}
server {
listen 80;
server_name 1711.canglaoshi.org;
index index.html index.jsp;
location / {
proxy_pass http://tomcat;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_max_temp_file_size 0;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
}
server{
listen 80;
server_name tom.canglaoshi.org;
return 301 https://tom.canglaoshi.org;
}
server{
listen 443;
server_name tom.canglaoshi.org;
ssl on;
index index.html index.jsp;
ssl_certificate cert/214462831460580.pem;
ssl_certificate_key cert/214462831460580.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://tomcat;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_max_temp_file_size 0;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
}
Two domain names are configured; of these, tom.canglaoshi.org is bound to the SSL certificate.
Test: restart nginx
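A hardened variant of the tom.canglaoshi.org blocks from 1711.conf, as an added example that is not part of the original page's configuration. It assumes nginx 1.13.0 or later built against OpenSSL 1.1.1 or later (needed for TLSv1.3); the HSTS max-age value and the X-Forwarded-Proto header are additions chosen for this example.

```nginx
# Added example, not the original page's configuration.
upstream tomcat {
    server 127.0.0.1:8080;
}

server {
    listen 80;
    server_name tom.canglaoshi.org;
    # Fixed host name (not the client-supplied Host header) and the original
    # path and query string are preserved across the redirect.
    return 301 https://tom.canglaoshi.org$request_uri;
}

server {
    # "listen ... ssl" replaces the deprecated "ssl on;" directive.
    listen 443 ssl;
    server_name tom.canglaoshi.org;
    index index.html index.jsp;

    ssl_certificate     cert/214462831460580.pem;
    ssl_certificate_key cert/214462831460580.key;
    ssl_session_timeout 5m;

    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); offer 1.2 and 1.3 only.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Forward-secret AEAD suites only. The broad "AES" and "HIGH" keywords in
    # the original list also admit CBC-mode and static-RSA key exchange suites.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;

    # HSTS: browsers refuse plain HTTP for this host for max-age seconds
    # (one year here is an assumed value; start lower while testing).
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://tomcat;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tomcat receives plain HTTP from nginx; this header tells it the
        # client connection was HTTPS so it can build https:// URLs.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
    }
}
```

Run nginx -t to validate the syntax before reloading.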
Nginx supports 4 forwarding strategies
Round robin (default)
ip_hash
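fair (third-party)
Taking a server offline temporarily: the down parameter takes a server offline temporarily; it is generally used while the server is being maintained.
Example: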
upstream toms{
ip_hash;
server 10.7.11.218:8080 weight=10;
server 10.7.11.244:8080 weight=80;
server 10.7.11.43:8080 weight=20 down;
}
Redis is a high-performance, in-memory, key-value unstructured database.
Put simply: Redis is a very large hash table, with an algorithm similar to HashMap!
Installation
yum -y install redis
Start
systemctl start redis.service
Restart, etc...
Download Redis
wget http://download.redis.io/releases/redis-3.0.0.tar.gz
Install gcc (optional)
yum -y install gcc
Compile
tar -zxf redis-3.0.0.tar.gz
cd redis-3.0.0
mkdir /usr/local/redis-3.0.0
make PREFIX=/usr/local/redis-3.0.0 install
Copy the configuration file
cp redis.conf /usr/local/redis-3.0.0
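Edit the configuration file redis.conf to start in the background
Edit the configuration file and change the line "daemonize no" to "daemonize yes" so that it runs in the background.
Start the server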
/usr/local/redis-3.0.0/bin/redis-server /usr/local/redis-3.0.0/redis.conf &
The & symbol puts the program in the background
Stop the service
/usr/local/redis-3.0.0/bin/redis-cli shutdown
Experiment
Start the redis server
cd
redis-server /usr/local/redis-3.0.0/redis.conf &
Connect with the client
/usr/local/redis-3.0.0/bin/redis-cli
Test:
SET message "Hello World"
GET message
Help commands
HELP @string
HELP @[tab]