专栏首页eguid开源技术分享nginx反向代理cas server之1:多个cas server负载均衡配置以及ssl配置

nginx反向代理cas server之1:多个cas server负载均衡配置以及ssl配置

版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。

本文链接:https://blog.csdn.net/eguid_1/article/details/51727060

系统环境采用centOS7

由于cas server不支持session持久化方式的共享,所以请用其他方式代替,例如:组播复制。

为什么不支持session持久化:http://blog.csdn.net/eguid_1/article/details/51444009

SSL配置详细请查看http://blog.csdn.net/eguid_1/article/details/51282838

nginx反向代理完整配置(两个网站实例)

user nobody nobody;
worker_processes  2;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid       /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 20480;
events {
    use epoll;
    worker_connections  2048;
    #multi_accept on;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  logs/access.log  main;
    charset  utf-8;

    server_tokens off;

    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 64k;
    
    sendfile on;
    keepalive_timeout 60;

    tcp_nopush on;
    tcp_nodelay on;

    fastcgi_cache_path /usr/local/nginx/fastcgi_cache levels=1:2
                        keys_zone=TEST:10m
                        inactive=5m;
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;


    gzip  on; 
    gzip_min_length 1000;
    gzip_buffers 4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 3;
    #gzip_types text/plain application/x-javascript text/css application/xml;
    gzip_types  text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    gzip_vary on;
   
    #limit_zone crawler $binary_remote_addr 10m;
    client_max_body_size 8m;
    client_body_buffer_size 128k;
    
    proxy_connect_timeout 600;
    proxy_read_timeout 600;
    proxy_send_timeout 600;
    proxy_buffer_size  16k;
    proxy_buffers  4 32k;
    proxy_busy_buffers_size 64k;
    proxy_temp_file_write_size 64k;
    
#server1
    upstream eguid
    {
      server 192.168.30.19:8080 weight=5;
    # server 192.168.30.14:8080 weight=5;
    # server 192.168.30.15:8080 weight=5;
    # server 192.168.30.16:8080 backup;
    }
#cas-server
    upstream account{
   
       server 192.168.30.16:8080;
       #jvm_route $cookie_JSESSIONID|sessionid reverse;
    }
    server {
        listen  80;
        server_name eguid.cn; 
        #index index.html index.htm index.jsp index.php;
        #root /data/www/eguid;
        #charset koi8-r;
       
        access_log  logs/host.access.log  main;

        location / {
         proxy_pass http://eguid;
         #proxy_pass http://account;
         #proxy_set_header X-Forwarded-Proto https;
         #proxy_set_header        Host lingdong;
         #proxy_set_header        X-Real-IP $remote_addr;
         #proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

        }


        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }
    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


   # cas-server
    
    server {
       listen       80;
       server_name  passport.eme.com;
       #ssl on;
       #ssl_certificate  /usr/local/nginx/conf/keys/passport.pem;
       #ssl_certificate_key  /usr/local/nginx/conf/keys/passport.key;
       #ssl                  on;
       #ssl_certificate       /usr/local/nginx/conf/passport.crt;
       #ssl_certificate_key  /usr/local/nginx/conf/passport_nopass.key;
       #ssl_session_timeout  5m;
       #ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
       #ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
       #ssl_prefer_server_ciphers on;
       location / {
           #proxy_redirect https://passport.eme.com/;
           #proxy_cookie_domain passport.eme.com;
           #proxy_redirect off; 
           proxy_pass http://account;
           proxy_cookie_path /cas-server/ /;  
           proxy_cookie_path /cas-server /;
           proxy_set_header   Cookie $http_cookie; 
           proxy_set_header   Host $host;
           proxy_set_header   Remote_Addr $remote_addr;
           proxy_set_header   X-Real-IP $remote_addr;
           proxy_set_header   REMOTE-HOST $remote_addr; 
           proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
         }
      }

#https server

    server {
       listen     443;
       server_name  passport.eme.com;
       ssl_certificate  /usr/local/nginx/conf/keys/eme.com.crt;
       ssl_certificate_key  /usr/local/nginx/conf/keys/eme.com.key;
       ssl_session_timeout  5m;
ssl on;   
 ssl_protocols  SSLv2 SSLv3 TLSv1;
 ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
 ssl_prefer_server_ciphers   on;     
       location / {
                     root   html;
                     index  index.html index.htm;
                  }
      }

}

本文参与腾讯云自媒体分享计划,欢迎正在阅读的你也加入,一起分享。

我来说两句

0 条评论
登录 后参与评论

相关文章

  • 译文:Nginx多阶段处理HTTP请求

    原文:http://www.nginxguts.com/2011/01/phases/

    随心助手
  • nginx之rewrite详解2-企业级应用场景

    (2)为了让搜索引擎搜录网站内容及用户体验更好,企业会将动态URL地址伪装成静态地址提供服务。

    随心助手
  • nginx十万并发配置(1)

    1)nginx进程数,建议按照cpu数目来指定,一般跟cpu核数相同或为它的倍数。

    随心助手
  • nginx正向代理配置详解

    nginx不仅可以做反向代理,还能用作正向代理来进行上网等功能。如果把局域网外的Internet想象成一个巨大的资源库,则局域网中的客户端要访问Inte...

    随心助手
  • Nginx下游网速优先

    ngx_http_upstream_process_non_buffered_request()

    随心助手
  • HTTP/1.1 协议Expect: 100-continue

    CURL transport error: transfer closed withoutstanding read data remaining

    随心助手
  • 禁用Compiz,太占内存

    https://zh.wikipedia.org/wiki/Compiz ,简单理解是实现了Ubuntu的3D效果

    随心助手
  • nginx的11个阶段概述

    // 将请求URI与location表达式匹配前,修改URI,即重定向阶段

    随心助手
  • 某CMS最新版后台漏洞

    file_unlink("../../".list[info]); 这个点很有意思,list[info]从数据库met_plist表里读出,然后删除文件

    随心助手
  • iOS实现UITableViewDataSource与Controller的分离

    在之前的项目中好多处用到了tableView,然而之前不懂得将代理方法实现分离,所以每在一处用到tableView就要在controller中写一遍UITabl...

    周希

扫码关注云+社区

领取腾讯云代金券