编译nginx时启用HttpSslModule模块,nginx版本需要0.8.7以上,我们集群中的已经编译好了
./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_ssl_module
进入要创建证书和私钥的目录
cd /usr/local/webserver/nginx/conf
创建服务器私钥
openssl genrsa -des3 -out server.key 1024
注意:1024 位 RSA 密钥的强度已经不足,正式环境应至少使用 2048 位。
创建证书签名请求 (CSR):
openssl req -new -key server.key -out server.csr
提交给 ssl 提供商的时候就是这个 csr 文件。
先备份带口令的私钥,再导出不带口令的私钥,这样 nginx 启动时不必手动输入口令:
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
去除口令后的 server.key 是明文私钥,应收紧它的文件权限(例如只允许 root 读取)。
最后签署证书使用上述的私钥和CSR:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
这样得到的是自签名证书,浏览器不会信任它,只适合测试环境;正式环境应使用 CA 根据 CSR 签发的证书。
更新nginx站点文件
server {
    listen 80;
    server_name ecstore-bugfix;
    rewrite ^(.*) https://$host$1 permanent;
}
server {
    server_name ecstore-bugfix;
    #listen 80;
    listen 443;
    root /data/www/ecstore-bugfix;
    index index.html index.htm index.php;
    ssl on;
    ssl_certificate /srv/nginx/conf/server.crt;
    ssl_certificate_key /srv/nginx/conf/server.key;
    if (!-e $request_filename) {
        rewrite ^/(.*)$ /index.php/$1 last;
        break;
    }
    location ~ \.php {
        fastcgi_param HTTPS on;
        include php_fcgi.conf;
        include pathinfo.conf;
    }
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
        expires 30d;
    }
    location ~ .*\.(js|css)?$ {
        expires 1h;
    }
}
说明:ssl_certificate 和 ssl_certificate_key 要指向上面实际生成 server.crt 和 server.key 的位置;较新的 nginx 版本已弃用 ssl on,改为写 listen 443 ssl;,并建议用 ssl_protocols 明确禁用过时的协议版本。
重启 nginx
修改前记得关闭
vim /etc/rc.d/init.d/lvs-server
#!/bin/sh
# lvs - this script starts and stops the lvs
#
# chkconfig: - 85 15
# description: LVS/NAT
VIP=192.168.51.119
RIP1=10.0.0.2
RIP2=10.0.0.3
case "$1" in
start)
    echo "Start LVS of DirectorServer"
    echo "1" > /proc/sys/net/ipv4/ip_forward
    #Set Lvs
    /sbin/ipvsadm -A -t $VIP:443 -s rr
    /sbin/ipvsadm -a -t $VIP:443 -r $RIP1:443 -m
    /sbin/ipvsadm -a -t $VIP:443 -r $RIP2:443 -m
    #Run Lvs
    /sbin/ipvsadm
    ;;
stop)
    echo "Close LVS Directorserver"
    echo "0" > /proc/sys/net/ipv4/ip_forward
    /sbin/ipvsadm -C
    ;;
*)
    echo "Usage. $0 {start|stop}"
    exit 1
esac
说明:LVS 在 NAT 模式下只是把 443 端口的连接原样转发给后端,SSL 在每台后端的 nginx 上终结,因此两台后端都要部署同一份证书和私钥。
启动lvs,访问主机: https://192.168.51.119
<?php
/**
* ShopEx licence
*
* @copyright Copyright (c) 2005-2010 ShopEx Technologies Inc. (http://www.shopex.cn)
* @license http://ecos.shopex.cn/ ShopEx License
*/
/**
* Shop configuration template
*
* Version $Id: config.sample.php 37482 2009-12-08 10:54:56Z ever $
* Discussion thread for the configuration parameters: http://www.shopex.cn/bbs/thread-61957-1-1.html
*/
// ** Database configuration ** //
# NOTE(review): the credentials below are stored in clear text, and this sample
# connects as the database superuser with a trivial password. For a real
# deployment use a dedicated least-privilege account with a strong password,
# and keep this file unreadable to other system users.
define('DB_USER', 'root'); # database user name
define('DB_PASSWORD', '123456'); # database password
define('DB_NAME', 'ecstore_bugfix'); # database name
# Database server -- in 99% of cases you do not need to change this parameter
define('DB_HOST', 'localhost');
//define('DB_PCONNECT',1); # enable persistent database connections?
define('WITH_REWRITE',true);
# NOTE(review): the key is left empty here. How the application uses it is not
# visible in this file; presumably it should be a random per-install secret -- confirm.
define('STORE_KEY', ''); # secret key
define('DB_PREFIX', 'sdb_');
#define('LANG', '');
# presumably a UTC offset in hours -- TODO confirm
define('DEFAULT_TIMEZONE', '8');
define('WITHOUT_CACHE',true);
#define('PAGE_CACHE_LOG', false);
define('WITHOUT_KVSTORE_PERSISTENT', false);
# Enable the trigger log: home/logs/trigger.php
//define ('TRIGGER_LOG',true);
//define ('DISABLE_TRIGGER',true); # disable triggers
/* Tuning parameters below */
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
define('DEBUG_JS',false);
define('DEBUG_CSS',false);
# Resolves to the parent of the directory that contains this file.
define('ROOT_DIR', realpath(dirname(__FILE__).'/../'));
// Enabling safe mode disables plugins
//define('SAFE_MODE',false);
# You can move this directory elsewhere for better security
# NOTE(review): as configured, DATA_DIR sits directly under ROOT_DIR; if ROOT_DIR
# is the web server's document root, the data directory is web-reachable -- confirm.
define('DATA_DIR', ROOT_DIR.'/data');
define('THEME_DIR', ROOT_DIR.'/themes');
define('PUBLIC_DIR', ROOT_DIR.'/public'); # files shared on the same host
define('MEDIA_DIR', PUBLIC_DIR.'/images');
define('SECACHE_SIZE','15M'); # cache size, must not exceed 1G
//define('TEMPLATE_MODE','database');
define("MAIL_LOG",false);
define('DEFAULT_INDEX','');
define('SERVER_TIMEZONE',8); # server time zone
//define('APP_ROOT_PHP','index.php'); #iis 5
//define('HTTP_PROXY','127.0.0.1:8888');
# The @ operator silences any warning ini_set() might raise, so a failure to
# apply the limit goes unnoticed.
@ini_set('memory_limit','32M');
define('WITHOUT_GZIP',false);
define('WITHOUT_STRIP_HTML', true);
# Session configuration
# define('SESS_NAME', 's'); #used as cookie name
# define('SESS_CACHE_EXPIRE', 60); #expires after n minutes
# Block IPs on the storefront
//define('BLACKLIST','10.0.0.0/24 192.168.0.1/24');
# Database cluster.
//define('DB_SLAVE_NAME',DB_NAME);
//define('DB_SLAVE_USER',DB_USER);
//define('DB_SLAVE_PASSWORD',DB_PASSWORD);
//define('DB_SLAVE_HOST',DB_HOST);
# Only usable when wildcard DNS is supported; only fs_storager is supported
/*
* define('HOST_MIRRORS',
* 'http://img0.example.com,
* http://img2.example.com,
* http://img2.example.com');
*/
# Store image files over FTP
//define('WITH_STORAGER','ftp_storager');
# When the server is known to support .htaccess files, the two parameters below can be enabled for a speed-up.
//define ('GZIP_CSS',true);
//define ('GZIP_JS',true);
/* Logging */
//define('LOG_LEVEL',E_ERROR);
/* Log storage type: 0 => use the system log, 3 => save to a file */
#define('LOG_TYPE', 0);
#define('LOG_TYPE', 3);
# One directory per date, one log file per IP. The .php extension prevents download.
define('LOG_FILE', DATA_DIR.'/logs/{date}/{ip}.php');
# exit() is placed at the head of the log file so that it cannot be downloaded.
# NOTE(review): this protection only holds while the web server hands .php files
# under DATA_DIR to the PHP interpreter; keeping DATA_DIR outside the document
# root is the more robust way to keep logs private.
define('LOG_HEAD_TEXT', '<'.'?php exit()?'.">\n");
//define('LOG_FORMAT',"{gmt}\t{request}\t{code}");
# Forbid running the installer
//define('DISABLE_SYS_CALL',1);
# Store modified templates in the database
//define('THEME_STORAGE','db');
# kvstore backend storage class
# define('KVSTORE_STORAGE', 'base_kvstore_filesystem');
# define('KVSTORE_STORAGE', 'base_kvstore_mysql');
# define('KVSTORE_STORAGE', 'base_kvstore_memcache');
# define('KVSTORE_STORAGE', 'base_kvstore_dba');
# define('KVSTORE_STORAGE', 'base_kvstore_tokyotyrant');
define('KVSTORE_STORAGE', 'base_kvstore_flare');
# cache backend storage class
# define('CACHE_STORAGE', 'base_cache_nocache');
# define('CACHE_STORAGE', 'base_cache_secache');
define('CACHE_STORAGE', 'base_cache_memcache');
# define('CACHE_STORAGE', 'base_cache_memcached');
# kvstore memcache server configuration
# socket 'unix:///tmp/memcached.sock'
# server '127.0.0.1:11211'
# multi 'unix:///tmp/memcached.sock,127.0.0.1:11211,127.0.0.1:11212'
# define('KVSTORE_MEMCACHE_CONFIG', 'unix:///tmp/memcached.sock');
# NOTE(review): no credentials are configured for these network endpoints;
# presumably they accept unauthenticated clients, so restrict the ports to the
# web nodes at the network level -- confirm.
define('KVSTORE_MEMCACHE_CONFIG', '10.0.0.2:12121,10.0.0.3:12121');
# cache memcache server configuration
# socket 'unix:///tmp/memcached.sock'
# server '127.0.0.1:11211'
# multi 'unix:///tmp/memcached.sock,127.0.0.1:11211,127.0.0.1:11212'
# define('CACHE_MEMCACHE_CONFIG', 'unix:///tmp/memcached.sock');
define('CACHE_MEMCACHE_CONFIG', '10.0.0.2:11211,10.0.0.3:11211');
# mongodb server configuration
#server:
#"mongodb://${username}:${password}@localhost" , "mongodb:///tmp/mongo-27017.sock"
#define('MONGODB_SERVER_CONFIG', 'mongodb://localhost:27017');
#option:
#array("connect" => TRUE),array("username"=>'xxxx', "password"=>'xxx');
#define('MONGODB_OPTION_CONFIG','return '. var_export(array('connect'=>true),1).';');
# KV_PREFIX: prefix for the KV engine
# define('KV_PREFIX', 'default');
# file_storage
define('FILE_STORAGER','flaresystem');
define('STORAGE_MEMCACHED','10.0.0.2:12121,10.0.0.3:12121');
# NOTE(review): plain-http URL; if the shop itself is served over HTTPS,
# resources built from this host may load as mixed content -- confirm.
define('STORAGE_HOST', 'http://192.168.51.119');
#define('FILE_STORAGER','filesystem');
#define('STORAGE_MEMCACHED','192.168.0.230:11211,192.168.0.231:11211');
#define('HOST_MIRRORS','http://img.demo.cn,http://img1.demo.cn');
# app statics host
#define('APP_STATICS_HOST', 'http://img.demo.cn;http://img1.demo.cn');
/**************** compat functions begin ****************/
# This section is generated automatically by the program; do not modify
/**************** compat functions end ****************/
[root@ecos02 ~]# vim /data/www/ecstore-bugfix/config/config.php
# Excerpt of the configuration: selection of the kvstore, cache and file
# storage backends and the servers they connect to.
# define('KVSTORE_STORAGE', 'base_kvstore_dba');
# define('KVSTORE_STORAGE', 'base_kvstore_tokyotyrant');
define('KVSTORE_STORAGE', 'base_kvstore_flare');
# cache backend storage class
# define('CACHE_STORAGE', 'base_cache_nocache');
# define('CACHE_STORAGE', 'base_cache_secache');
define('CACHE_STORAGE', 'base_cache_memcache');
# define('CACHE_STORAGE', 'base_cache_memcached');
# kvstore memcache server configuration
# socket 'unix:///tmp/memcached.sock'
# server '127.0.0.1:11211'
# multi 'unix:///tmp/memcached.sock,127.0.0.1:11211,127.0.0.1:11212'
# define('KVSTORE_MEMCACHE_CONFIG', 'unix:///tmp/memcached.sock');
# NOTE(review): no credentials are configured for these network endpoints;
# presumably they accept unauthenticated clients, so restrict the ports to the
# web nodes at the network level -- confirm.
define('KVSTORE_MEMCACHE_CONFIG', '10.0.0.2:12121,10.0.0.3:12121');
# cache memcache server configuration
# socket 'unix:///tmp/memcached.sock'
# server '127.0.0.1:11211'
# multi 'unix:///tmp/memcached.sock,127.0.0.1:11211,127.0.0.1:11212'
# define('CACHE_MEMCACHE_CONFIG', 'unix:///tmp/memcached.sock');
define('CACHE_MEMCACHE_CONFIG', '10.0.0.2:11211,10.0.0.3:11211');
# mongodb server configuration
#server:
#"mongodb://${username}:${password}@localhost" , "mongodb:///tmp/mongo-27017.sock"
#define('MONGODB_SERVER_CONFIG', 'mongodb://localhost:27017');
#option:
#array("connect" => TRUE),array("username"=>'xxxx', "password"=>'xxx');
#define('MONGODB_OPTION_CONFIG','return '. var_export(array('connect'=>true),1).';');
# KV_PREFIX: prefix for the KV engine
# define('KV_PREFIX', 'default');
# file_storage
define('FILE_STORAGER','flaresystem');
define('STORAGE_MEMCACHED','10.0.0.2:12121,10.0.0.3:12121');
# NOTE(review): plain-http URL; if the shop itself is served over HTTPS,
# resources built from this host may load as mixed content -- confirm.
define('STORAGE_HOST', 'http://192.168.51.119');
#define('FILE_STORAGER','filesystem');
#define('STORAGE_MEMCACHED','192.168.0.230:11211,192.168.0.231:11211');
#define('HOST_MIRRORS','http://img.demo.cn,http://img1.demo.cn');
# app statics host
#define('APP_STATICS_HOST', 'http://img.demo.cn;http://img1.demo.cn');
/**************** compat functions begin ****************/
# This section is generated automatically by the program; do not modify
/**************** compat functions end ****************/