Integrated network security access architecture _

Others 2019-11-20 11:42:17 views: null

Concepts HTTPs (secure)

1. Confidentiality of data

Data transmission may be seen by a third party at any time

Solution:

a>

 

b> symmetric encryption private key and public transmission hair 

 

 

 

 

 2. Data integrity

Data transmission can not be free to allow anyone to modify

 

Solution:

 

 Symmetric encryption algorithm. Protect public and private signature

 

 

 

3. Authentication problem

For the first time when communication is required to confirm the identity of both the right

 

 Solution: asymmetric private key encryption algorithm save on the server, the public key distribution

=== public key certificate (ID card)

CA Certificate Authority

Jump to realize HTTP access to HTTPS

Website achieve pseudo-static configuration

First course: to create private and public keys (certificates)

    cd / etc / nginx / 
    OpenSSL genrsa -idea - OUT server.key 2048 
    genrsa    --- create what type of private
    IDEA      --- need to set the password to the private key file
     OUT       --- created to generate a private key file
 
    openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
    REQ        --- create a certificate file
    Days       --- certificate file is valid (the default day)
    X509       --- certificate file formats
    sha256   --- specifies the algorithm to generate the certificate
    Nodes    --- removal certificate private key password generation
    KEYOUT   --- specify the private key file to load
     OUT      --- generated certificate information

 

 

 

 

 Second course: in nginx program, write a configuration file to open HTTPS function, load the private and public information

   ssl_certificate      ssl_key/server.crt;
    ssl_certificate_key    ssl_key/server.key;
    
    [root@web02 nginx]# cat /etc/nginx/conf.d/www.conf 
    server {
       listen            443 ssl;
       server_name       www.oldboy.com www.jd.com;
       root              /html/www;
       index             index.html;
       ssl_certificate      server.crt;
       ssl_certificate_key    server.key;
    }

Third course: HTTP access HTTPS jump function configuration

    server {
       listen            80;
       server_name       www.oldboy.com;
       rewrite  ^/(.*)$  https://$host/$1 redirect;
    }
    server {
       listen            443 ssl;
       server_name       www.oldboy.com www.jd.com;
       root              /html/www;
       index             index.html;
       ssl_certificate      server.crt;
       ssl_certificate_key    server.key;
    }

HTTPs load balancing to achieve access to the process

One way: the whole network servers are configured certificate and private key information

   User Client Access LB01 --- ---    Web node
    www.oldboy.com       http://www.oldboy.com
                         https://www.oldboy.com  --->  listen 443 ssl
    
    First course: Writing lb load balancing configuration file
    upstream oldboy {
      #server 10.0.0.7:443;
      server 10.0.0.8:443;
      #server 10.0.0.9:80;
    }    
    server {
          listen        80;
          server_name   localhost;
          rewrite  ^/(.*)$  https://$host/$1 redirect;
    }
    server {
      listen        443 ssl;
      server_name   localhost;
          ssl_certificate      server.crt;
          ssl_certificate_key    server.key;
      location / {
         proxy_pass  https://oldboy;
         proxy_set_header Host $host;
         proxy_set_header X-Forwarded-For $remote_addr;      
      }
    }
    
    Second Course: web Node Configuration
    server {
       listen            443 ssl;
       server_name       www.oldboy.com www.jd.com;
       root              /html/www;
       index             index.html;
       ssl_certificate      server.crt;
       ssl_certificate_key    server.key;
    }

Second way: load balancing server configuration certificate and private key information

User Client Access LB01 --- --->    Web node
    www.oldboy.com       http://www.oldboy.com
                         https://www.oldboy.com  --->   listen 80

    First course: load balancing configuration information
    upstream oldboy {
      #server 10.0.0.7:443;
      server 10.0.0.8:80;
      #server 10.0.0.9:80;
    }    
    server {
          listen        80;
          server_name   localhost;
          rewrite  ^/(.*)$  https://$host/$1 redirect;
    }
    server {
      listen        443 ssl;
      server_name   localhost;
          ssl_certificate      server.crt;
          ssl_certificate_key    server.key;
      location / {
         proxy_pass  http://oldboy;
         proxy_set_header Host $host;
         proxy_set_header X-Forwarded-For $remote_addr;      
      }
    }
    
    Second Course: web node configuration information
    server {
       listen            80;
       server_name       www.oldboy.com www.jd.com;
       root              /html/www;
       index             index.html;
    }

Use HTTPs access dynamic page wordpress

 First course: Edit Profile Information
    Modify the load balancing configuration file:
    upstream oldboy {
          #server 10.0.0.7:443;
          server 10.0.0.8:443;
          #server 10.0.0.9:80;
        }
    server {
          listen        80;
          server_name   localhost;
          rewrite  ^/(.*)$  https://$host/$1 redirect;
    }
    server {
          listen        443 ssl;
          server_name   localhost;
          ssl_certificate       server.crt;
          ssl_certificate_key   server.key;
          location / {
             proxy_pass  https://oldboy;
             proxy_set_header Host $host;
             proxy_set_header X-Forwarded-For $remote_addr;
          }
     }
    
    web server configuration    
    server {
      listen       443 ssl;
      server_name   blog.oldboy.com blog.oldgirl.com;
      ssl_certificate       server.crt;
      ssl_certificate_key   server.key;
      location / {
          root         /html/blog;
          index        index.php index.html;
      }
      location ~ \.php$ {
          root /html/blog;
          fastcgi_pass  127.0.0.1:9000;
          fastcgi_index index.php;
          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
          fastcgi_param HTTPS on;
          include fastcgi_params;
      }
    }
    
    Second course: Modify wordpress background information
    Modify the address for the HTTPS: // blog.oldboy.com 
    
    third course: nginx restart the program

 

 

Guess you like

Origin www.cnblogs.com/zhanghongqi/p/11896540.html
Recommended
The number of MaxKB GitHub Stars, an open source knowledge base question and answer system based on large language models, exceeded 5,000!
Ranking
Getting the basic concepts of ROS + catkin Profile
Spring Learning (2) --- Assembling Beans in the IoC Container
js to get the src attribute of the image regularly
STM32 is based on CubeIDE and HAL library basics entry study notes: Bluetooth WIFI STM32 connects to Alibaba Cloud
Short video learning - 3, pandas simple use of pivot_table
Print directory of project configuration log, output log
Understand the difference between vi and vim in Linux in 3 minutes
1 + x certificate Web front-end development HTML5 special exercises
mangodb save and insert the difference
7-1 Family tree processing (50 points) (binary tree solution)
Daily
More
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)

Code World

© 2018 codetd.com