OBSNGINX反向代理实现HTTPS自定义域名访问

喜欢博主的小伙儿可以关注哦~~~

摘要:本文通过NGINX反向代理实现自定义域名HTTPS协议访问华为云OBS服务,采用均衡负载ELB搭建后台服务增强应用高可用性。

OBS HTTPS Reverse Proxy

创建ECS并安装NGINX服务

注意:安全组设置需要开放80,443端口,默认网络安全组即可

wget rpm -ivh nginx-release-centos-7-0.el7.ngx.noarch.rpm yum -y install nginx systemctl start nginx systemctl enable nginx

ip

证书及秘钥上传

1.秘钥以.key文件结尾文件

2.证书以.crt或者.pem结果文件

3.上传到/usr/local/ssl/(目录可自定义)

配置NGINX

vim /etc/nginx/conf.d/default.conf

server {

listen 80;

listen 443 ssl;

ssl_certificate /usr/local/ssl/domain_name.pem;//replace domain_name to your actual value

ssl_certificate_key /usr/local/ssl/domain_name.key;

#server_name domain_name;

server_name ********;###public ip

#access_log /var/log/nginx/host.access.log main;

location / {

root /home/www/public_html/domain_name/public/;

proxy_pass ;//the bucket you want to access

index index.html index.htm;

}

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;

ssl_prefer_server_ciphers on;

ssl_session_cache shared:SSL:10m;

ssl_session_timeout 10m;

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html

#

error_page 500 502 503 504 /50x.html;

location = /50x.html {

root /usr/share/nginx/html;

}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80

#

#location ~ \.php$ {

# proxy_pass ;

#}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

#

#location ~ \.php$ {

# root html;

# fastcgi_pass 127.0.0.1:9000;

# fastcgi_index index.php;

# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;

# include fastcgi_params;

#}

# deny access to .htaccess files, if Apaches document root

# concurs with nginxs one

#

#location ~ /\.ht {

# deny all;

#}

}

检测NGINX配置及设置开机启动

nginx -t systemctl stop nginx systemctl start nginx

发送HTTP/HTTPS请求获取OBS数据

ip

ip

制作镜像,新创建一台ECS服务器

使用ECS-NGINX-S1创建镜像,申请一台服务器,实现两台服务器互相backup

创建ELB服务,添加HTTPS监听及后端服务器

1.创建HTTP/HTTPS ELB

2.添加HTTPS监听器

3.添加证书crt,秘钥pem

4.添加后台服务器,设置80端口

测试ELB HTTPS请求服务访问OBS服务

最后ELB 公网IP绑定自定义域名,大功告成!!!