Centos8 Nginx负载均衡

2020-08-1104:38:37
评论
1,409 1269字
Centos8 Nginx负载均衡

# 配置文件事例:


upstream node {
       ip_hash;
       server 155.235.129.84:80 weight=2 max_fails=3 fail_timeout=15; # 如果有3次请求失败,15秒内,不会将新的请求分配给它。
       server 198.100.147.187:80 weight=3;  # 3/6次
      server example.com:80 weight=1;  # 1/6次
      #server 198.100.147.187:80 backup; # 当全部都挂了后使用 
      #server 198.100.147.187:80 down; # 不参与轮训


}



server {
        listen                  443 ssl http2;
        listen                  [::]:443 ssl http2;
        server_name     ss.pealog.com;

        location / {
            proxy_pass   http://node;
            proxy_set_header        Host    $host;
            proxy_set_header        X-Real-IP       $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        }


        ssl_certificate /etc/nginx/conf.d/zb.pealog.com.crt;
        ssl_certificate_key /etc/nginx/conf.d/zb.pealog.com.key;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;     #指定SSL服务器端支持的协议版本
        ssl_ciphers 'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5';
        ssl_prefer_server_ciphers   on;    #在使用SSLv3和TLS协议时指定服务器的加密算法要优先于客户端的加密算法
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;preload" always; # # 启用 HSTS
        add_header X-Frame-Options DENY;  # 减少点击劫持
        add_header X-Content-Type-Options nosniff;  # 禁止服务器自动解析资源类型
        add_header X-Xss-Protection 1; # 防XSS攻擊
        

}
豌豆日志
  • 本文由 发表于 2020-08-1104:38:37
  • 转载请务必保留本文链接:https://pealog.com/255.html
匿名

发表评论

匿名网友 填写信息

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: