lvs-nat,https
2015-10-11 22:44
<<<<<<<<<<<<<<<<<<<Real Server1>>>>>>>>>>>>>>>>>>>>>>>>
CentOS 6
VMnet2
setup
192.168.20.10
255.255.255.0
192.168.20.1
##############
service network restart
ifconfig
echo "web server 1" > /var/www/html/index.html
service httpd start
<<<<<<<<<<<<<<<<<<<Real Server2>>>>>>>>>>>>>>>>>>>>>>>>
CentOS 6
VMnet2
setup
192.168.20.11
255.255.255.0
192.168.20.1
##########
service network restart
ifconfig
echo "web server 2" > /var/www/html/index.html
service httpd start
curl http://192.168.20.10
<<<<<<<<<<<<<<<<<<<Director>>>>>>>>>>>>>>>>>>>>>>>>
CentOS 7
NIC 1: bridged mode
NIC 2: VMnet2
systemctl stop firewalld
setenforce 0
vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
################
sysctl -p
ifconfig
cd /etc/sysconfig/network-scripts/
cp ifcfg-eno16777736 ifcfg-eno33554984
vim ifcfg-eno33554984
TYPE=Ethernet
BOOTPROTO=static
IPADDR=192.168.20.1
NETMASK=255.255.255.0
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno33554984
DEVICE=eno33554984
ONBOOT=yes
###################
systemctl restart network
ifconfig
curl http://192.168.20.10
curl http://192.168.20.11
cd
mount /dev/cdrom /mnt/cdrom/
yum -y install ipvsadm
vim ipvsadm.sh
#!/bin/bash
#
ipvsadm -C
ipvsadm -A -t 172.16.249.124:80 -s rr
ipvsadm -a -t 172.16.249.124:80 -r 192.168.20.10 -m
ipvsadm -a -t 172.16.249.124:80 -r 192.168.20.11 -m
################
bash ipvsadm.sh
ipvsadm -L -n
######################### https ################################
<<<<<<<<<<<<<<<<<<<CA (Director)>>>>>>>>>>>>>>>>>>>>>>>>
date
cd /etc/pki/CA
(umask 077;openssl genrsa -out private/cakey.pem 2048)
openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 10000
CN
GuangDong
ShenZhen
zhclinux
ca
ca.zhclinux.com
cadmin@zhclinux.com
<<<<<<<<<<<<<<<<<<<< Real Server1 >>>>>>>>>>>>>>>>>>>>>>>>>>
date
cd /etc/httpd
mkdir ssl
cd ssl
(umask 077;openssl genrsa -out httpd.key 2048)
openssl req -new -key httpd.key -out httpd.csr
CN
GuangDong
ShenZhen
zhclinux
web
www.zhclinux.com
webadmin@zhclinux.com
scp httpd.csr root@192.168.20.1:/root
(If scp takes a long time to connect, set GSSAPIAuthentication no in /etc/ssh/sshd_config on 192.168.20.1)
<<<CA signs the certificate>>>
openssl ca -in /root/httpd.csr -out certs/www.zhclinux.com.crt -days 365
scp certs/www.zhclinux.com.crt root@192.168.20.10:/etc/httpd/ssl/
<<<Real Server1: configure httpd to use the certificate>>>
httpd -M | grep ssl
yum -y install mod_ssl
vim /etc/httpd/conf.d/ssl.conf
<VirtualHost *:443>
ServerName www.zhclinux.com
SSLCertificateFile /etc/httpd/ssl/www.zhclinux.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
###############
service httpd restart
<<<<<<<<<<<<<<<<<<<<Real Server2>>>>>>>>>>>>>>>>>>>>>>>>>>
date
cd /etc/httpd
mkdir ssl
cd ssl
(umask 077;openssl genrsa -out httpd.key 2048)
openssl req -new -key httpd.key -out httpd.csr
CN
GuangDong
ShenZhen
zhclinux
web
www.zhclinux.com
webadmin@zhclinux.com
###################
scp httpd.csr root@192.168.20.1:/root
<<<CA signs the certificate>>>
openssl ca -in /root/httpd.csr -out certs/www.zhclinux.com.crt -days 365
scp certs/www.zhclinux.com.crt root@192.168.20.11:/etc/httpd/ssl/
<<<Real Server2: configure httpd to use the certificate>>>
httpd -M | grep ssl
yum -y install mod_ssl
vim /etc/httpd/conf.d/ssl.conf
<VirtualHost *:443>
ServerName www.zhclinux.com
SSLCertificateFile /etc/httpd/ssl/www.zhclinux.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
###############
service httpd restart
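The CA, CSR and signing steps above, rehearsed in a scratch directory as an added example (not part of the original notes). It shows that `openssl ca` needs `index.txt` and `serial`, and that with the default `unique_subject = yes` the CA refuses a second CSR whose subject matches a certificate it has already issued, which is the case for Real Server2's request here. `ca.cnf`, the function names and the `rs1`/`rs2` file names are assumptions.

```bash
# Added example: throwaway CA plus two "real server" CSRs with the same subject.
# ca.cnf is a minimal stand-in for /etc/pki/tls/openssl.cnf (assumption).
make_ca() {   # make_ca <dir>: CA laid out like /etc/pki/CA
  mkdir -p "$1/private" "$1/newcerts"
  touch "$1/index.txt"; echo 01 > "$1/serial"   # both required by "openssl ca"
  cat > "$1/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = CA:TRUE
[ ca ]
default_ca = lab
[ lab ]
database = $1/index.txt
serial = $1/serial
new_certs_dir = $1/newcerts
certificate = $1/cacert.pem
private_key = $1/private/cakey.pem
default_md = sha256
policy = pol
[ pol ]
commonName = supplied
EOF
  (umask 077; openssl genrsa -out "$1/private/cakey.pem" 2048) 2>/dev/null
  openssl req -new -x509 -config "$1/ca.cnf" -key "$1/private/cakey.pem" \
    -subj "/CN=ca.zhclinux.com" -days 30 -out "$1/cacert.pem"
}

new_csr() {   # new_csr <dir> <name>: key and CSR as generated on a real server
  (umask 077; openssl genrsa -out "$1/$2.key" 2048) 2>/dev/null
  openssl req -new -config "$1/ca.cnf" -key "$1/$2.key" \
    -subj "/CN=www.zhclinux.com" -out "$1/$2.csr"
}

sign() {      # sign <dir> <name>: non-zero exit if the CA refuses the request
  openssl ca -batch -config "$1/ca.cnf" -in "$1/$2.csr" \
    -out "$1/$2.crt" -days 365 2>/dev/null
}

key_matches() {   # key_matches <cert> <key>: same public key in both files?
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
    "$(openssl pkey -in "$2" -pubout)" ]
}

# chain_ok <dir> <cert>: does the certificate verify against the CA?
chain_ok() { openssl verify -CAfile "$1/cacert.pem" "$2" >/dev/null 2>&1; }
```

When the second request is refused, either install Real Server1's `httpd.key` and certificate on Real Server2 as well, or set `unique_subject = no` in the CA's `index.txt.attr` before signing again.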
<<<<<<<<<<<<<<<<<<<Director>>>>>>>>>>>>>>>>>>>>>>>>
vim ipvsadm.sh
#!/bin/bash
#
ipvsadm -C
ipvsadm -A -t 172.16.249.124:443 -s rr
ipvsadm -a -t 172.16.249.124:443 -r 192.168.20.10:443 -m
ipvsadm -a -t 172.16.249.124:443 -r 192.168.20.11:443 -m
ipvsadm -L -n
############################
bash ipvsadm.sh
<<<<<<<<<<<<<<<<<<<<<<<<<<<windows>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
1. Import the CA certificate into the browser
2. Edit the hosts file
3. Browse to https://www.zhclinux.com