CentOS7 Nginx Https和反向代理以及文件共享服务部署简录

在办公测试环境搭建一台nginx服务器,通过网络共享安装文件的下载、nexus私服和gitlab代码
因为这些文件较为重要,因此走https协议,并且更改默认443端口

HOSTNAME=nginx
hostnamectl set-hostname "$HOSTNAME"
echo "$HOSTNAME">/etc/hostname
echo "$(grep -E '127|::1' /etc/hosts)">/etc/hosts
echo "$(ip a|grep "inet "|grep -v 127|awk -F'[ /]' '{print $6}') $HOSTNAME">>/etc/hosts

cat >/etc/yum.repos.d/nginx.repo<<EOF
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/\$basearch/
gpgcheck=0
enabled=1
EOF
yum -y install nginx
systemctl enable nginx

mkdir -p /etc/nginx/ssl
cd /etc/nginx/ssl
openssl genrsa -out "/etc/nginx/ssl/server.key" 2048
openssl req -new \
  -key "/etc/nginx/ssl/server.key" \
  -out "/etc/nginx/ssl/server.csr"
openssl x509 -req -days 365 \
  -in "/etc/nginx/ssl/server.csr" \
  -signkey "/etc/nginx/ssl/server.key" \
  -out "/etc/nginx/ssl/server.crt"
chmod 600 *

cd /usr/share/nginx/html
rm -rf *
# 创建目录,上传需要共享的文件到该目录之下

cat >/etc/nginx/conf.d/default.conf<<EOF
server{
        listen 10194;
        ssl on;
        ssl_certificate /etc/nginx/ssl/server.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;
        # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        server_name wget.vincent.com;
        location / {
            root  /usr/share/nginx/html;
            autoindex on;
            autoindex_exact_size off;
            autoindex_localtime on;
        }
}

upstream nexus {
    server 192.168.77.110:8080;
    # server IP2:PORT2 weight=10;
}
server{
        listen 10194;
        ssl on;
        ssl_certificate /etc/nginx/ssl/server.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;
        # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        server_name nexus.vincent.com;
        location / {
            proxy_pass http://nexus;
            index index.html index.htm;
        }
}

upstream gitlab {
    server 192.168.77.100;
    # server IP2:PORT2 weight=10;
}
server{
        listen 10194;
        ssl on;
        ssl_certificate /etc/nginx/ssl/server.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;
        # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        server_name gitlab.vincent.com;
        location / {
            proxy_pass http://gitlab;
            index index.html index.htm;
        }
}

EOF
systemctl restart nginx

# 简单测试:
# 修改测试主机的hosts文件,对使用到的三个域名做静态解析,浏览器使用https访问相应域名测试可用性

[TOC]

你可能感兴趣的:(DevOps和生产中间件)