lvs-nat,https

<<<<<<<<<<<<<<<<<<<Real Server1>>>>>>>>>>>>>>>>>>>>>>>>
CentOS 6
VMnet2
setup
192.168.20.10
255.255.255.0
192.168.20.1
##############
service network restart
ifconfig
echo "web server 1" > /var/www/html/index.html
service httpd start

<<<<<<<<<<<<<<<<<<<Real Server2>>>>>>>>>>>>>>>>>>>>>>>>
CentOS 6
VMnet2
setup
192.168.20.11
255.255.255.0
192.168.20.1
##########
service network restart
ifconfig
echo "web server 2" > /var/www/html/index.html
service httpd start
curl http://192.168.20.10
<<<<<<<<<<<<<<<<<<<Director>>>>>>>>>>>>>>>>>>>>>>>>
CentOS 7
网卡1：桥接模式
网卡2：VMnet2

systemctl stop firewalld
setenforce 0
vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
################
sysctl -p
ifconfig
cd /etc/sysconfig/network-scripts/
cp ifcfg-eno16777736 ifcfg-eno33554984
vim ifcfg-eno33554984
TYPE=Ethernet
BOOTPROTO=static
IPADDR=192.168.20.1
NETMASK=255.255.255.0
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno33554984
DEVICE=eno33554984
ONBOOT=yes
###################
systemctl restart network
ifconfig
curl http://192.168.20.10 curl http://192.168.20.11 cd
mount /dev/cdrom /mnt/cdrom/
yum -y install ipvsadm
vim ipvsadm.sh
#!/bin/bash
#
ipvsadm -C
ipvsadm -A -t 172.16.249.124:80 -s rr
ipvsadm -a -t 172.16.249.124:80 -r 192.168.20.10 -m
ipvsadm -a -t 172.16.249.124:80 -r 192.168.20.11 -m
################
bash ipvsadm.sh
ipvsadm -L -n

######################### https ################################
######################### https ################################

<<<<<<<<<<<<<<<<<<<CA (Director)>>>>>>>>>>>>>>>>>>>>>>>>
date
cd /etc/pki/CA
(umask 077;openssl genrsa -out private/cakey.pem 2048)
openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 10000
CN
GuangDong
ShenZhen
zhclinux
ca
ca.zhclinux.com
cadmin@zhclinux.com

<<<<<<<<<<<<<<<<<<<< Real Server1 >>>>>>>>>>>>>>>>>>>>>>>>>>
date
cd /etc/httpd
mkdir ssl
cd ssl
(umask 077;openssl genrsa -out httpd.key 2048)
openssl req -new -key httpd.key -out httpd.csr -days 365
CN
GuangDong
ShenZhen
zhclinux
web
www.zhclinux.com
webadmin@zhclinux.com

scp httpd.csr root@192.168.20.1:/root
(如果scp过程需要等待很久，则设置192.168.20.1:/etc/ssh/sshd_config: GSSAPIAuthentication no)

<<<CA签署证书>>>
openssl ca -in /root/httpd.csr -out certs/www.zhclinux.com.crt -days 365
scp certs/www.zhclinux.com.crt root@192.168.20.10:/etc/httpd/ssl/

<<<Real Server1设置使用证书>>>
httpd -M | grep ssl
yum -y install mod_ssl
vim /etc/httpd/conf.d/ssl.conf
<VirtualHost *:443>
ServerName www.zhclinux.com
SSLCertificateFile /etc/httpd/ssl/www.zhclinux.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
###############
service httpd restart

<<<<<<<<<<<<<<<<<<<<Real Server2>>>>>>>>>>>>>>>>>>>>>>>>>>
date
cd /etc/httpd
mkdir ssl
cd ssl
(umask 077;openssl genrsa -out httpd.key 2048)
openssl req -new -key httpd.key -out httpd.csr -days 365
CN
GuangDong
ShenZhen
zhclinux
web
www.zhclinux.com
webadmin@zhclinux.com
###################
scp httpd.csr root@192.168.20.1:/root

<<<CA签署证书>>>
openssl ca -in /root/httpd.csr -out certs/www.zhclinux.com.crt -days 365
scp certs/www.zhclinux.com.crt root@192.168.20.11:/etc/httpd/ssl/

<<<Real Server2设置使用证书>>>
httpd -M | grep ssl
yum -y install mod_ssl
vim /etc/httpd/conf.d/ssl.conf
<VirtualHost *:443>
ServerName www.zhclinux.com
SSLCertificateFile /etc/httpd/ssl/www.zhclinux.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
###############
service httpd restart

<<<<<<<<<<<<<<<<<<<Director>>>>>>>>>>>>>>>>>>>>>>>>
vim ipvsadm.sh
#!/bin/bash
#
ipvsadm -C
ipvsadm -A -t 172.16.249.124:443 -s rr
ipvsadm -a -t 172.16.249.124:443 -r 192.168.20.10:443 -m
ipvsadm -a -t 172.16.249.124:443 -r 192.168.20.11:443 -m
ipvsadm -L -n
############################
bash lvs-dr-ssl.sh

<<<<<<<<<<<<<<<<<<<<<<<<<<<windows>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
1、浏览器导入CA证书
2、修改hosts文件
3、https://www.zhclinux.com访问