當你的主機已經負荷不了客戶端的需求時,除了加開CPU與RAM之外,開啟另一台規格一般的主機來做服務分流,也許是更好更符合經濟效益的選擇,今天就來分享 使用 Nginx 的 反向代理設定 SSL。
指令:
sudo nano /etc/nginx/sites-available/defaultupstream backend_server {
ip_hash;
server 192.168.1.1:80;
server 192.168.1.2:80;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name your_domain;
ssl on;
ssl_certificate /etc/ssl/server.crt;
ssl_certificate_key /etc/ssl/your_domain.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_read_timeout 60s;
proxy_pass https://backend_server;
}
}分流參數說明:
- round-robin 預設值 輪詢
- least-connected 最少連線數
- ip-hash 透過ip hash 函式分配 (注意除非你ip有變動不然就是會一直連同一台,卡在這個參數卡了一整天除錯)
相關參考連結:
http://nginx.org/en/docs/http/load_balancing.html
https://www.maxlist.xyz/2020/06/18/flask-nginx/
https://blog.toright.com/posts/3890/%E7%84%A1%E5%A0%85%E4%B8%8D%E6%91%A7%EF%BC%8C%E5%94%AF%E5%BF%AB%E4%B8%8D%E7%A0%B4%EF%BC%81%E5%BF%AB%E6%94%B9%E7%94%A8-nginx-php-fpm-%E5%8F%96%E4%BB%A3-apache-%E5%90%A7%EF%BC%81.html
https://hyperf.wiki/2.0/#/zh-tw/tutorial/nginx?id=%e9%85%8d%e7%bd%ae-websocket-%e4%bb%a3%e7%90%86
https://www.itread01.com/content/1545815714.html
https://www.cnblogs.com/itzgr/p/13327861.html#_label0_2
https://medium.com/starbugs/web-server-nginx-2-bc41c6268646
https://oranwind.org/-node-js-ubuntu-shang-nginx-an-zhuang-yu-she-ding/