1.www.a.com/a.html ---> www.a.com/file/a.html
2 www.a.com -----> www.b.com
3, based on nginx binding openssl implemented https
First install a software nginx
Turn off the firewall
Systemctl stop firewalld
Iptabled -F
Setenforce 0
Yum -y install pcre-devel zlib-devel openssl-devel
Yum -y gcc gcc-c++ make
Creating user groups
Useradd -M –s /sbin/nologiin nginx
Compile and install nginx
Package nginx -1.16.1.tar.gz
Nginx source package release
Configuring the Compilation
Cd /usr/src/nginx-1.16.1
./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module --with-http_flv_module --with-http_gzip_static_module &&make && make instal
[[email protected]]# ln -s /usr/local/nginx/sbin/nginx /usr/local/bin/
[[email protected]]#ll /usr/local/bin/nginx
lrwxrwxrwx 1 root root 27 12-29 07:24 /usr/local/bin/nginx -> /usr/local/nginx/sbin/nginx
nginx -t
nginx
Generating a Certificate
(1) create a private key
Create a directory: mkdir ca
Change directory cd ca
ls View
Create a private key
OpenSSL (tool) can be realized: a key certificate management, symmetric encryption and asymmetric encryption.
genrsa for generating rsa private key is not generated public key, the private key as a public key extracted from
Rsa 1024 generates the private key, -out specified output file, where the output file is the certificate request file.
ls View
Create a certificate request:
req achieved generate a private key file and use it to generate a certificate request file. -new denotes a newly generated new certificate request private key file specified file -key -out specified output file, where the output file is the certificate request file.
Self-signed certificate:
-x509: instructions to generate a self-signed certificate
openssl req command the main functions, to generate a certificate request file for a verification certificate request file, there is the self-signed certificate. Certificate request file li.csr
-out: -out specifies that the resulting certificate request or self-signed certificate name li.srt
-signkey: providing private li.key
Https nginx configuration to achieve one-way authentication
Export the certificate to the .p12 format browsing support:
-export: This option specifies a PKCS # 12 file will be created.
-clcerts: output only client certificate, CA certificate is not output.
Opening the browser settings inside management certificate
4, based on Apache and load balancing tomcat
Three virtual machines
192.168.200.10 virtual machine
192.168.200.8 virtual machine
Tomcat must be open
192.168.200.13 on a virtual machine
Tomcat must be open
Refresh time
5, Nginx prevent DDOS, CC, reptiles attack
Just write your own content inside
Test on another virtual machine
Install ad command
Yum -y install httpd-tools
-N the number of requests in the test session performed. By default, perform a single request.
-c produced a number of requests. Default is one.
Re-visit refreshing.
