# Lab walkthrough: LVS in NAT mode (ipvsadm -m) on a CentOS 7 director in front
# of two CentOS 6 httpd real servers, first for HTTP and then for HTTPS with
# certificates issued by a private CA kept on the director.
# This is a transcript, not a runnable script: lines that are not commands are
# section markers, editor contents, or answers typed at interactive prompts.
<<<<<<<<<<<<<<<<<<<Real Server1>>>>>>>>>>>>>>>>>>>>>>>>
# Presumably: guest OS, VMware network, then the address / netmask / gateway
# entered in the `setup` tool. The gateway 192.168.20.1 is the address given to
# the director's second interface below; NAT mode needs replies to return
# through the director.
CentOS 6 VMnet2 setup 192.168.20.10 255.255.255.0 192.168.20.1
##############
service network restart
ifconfig
# Distinct page bodies make it visible which real server answered a request.
echo "web server 1" > /var/www/html/index.html
service httpd start
<<<<<<<<<<<<<<<<<<<Real Server2>>>>>>>>>>>>>>>>>>>>>>>>
CentOS 6 VMnet2 setup 192.168.20.11 255.255.255.0 192.168.20.1
##########
service network restart
ifconfig
echo "web server 2" > /var/www/html/index.html
service httpd start
# Reachability check of Real Server1 across VMnet2.
curl http://192.168.20.10
<<<<<<<<<<<<<<<<<<<Director>>>>>>>>>>>>>>>>>>>>>>>>
# The Chinese text reads: NIC 1: bridged mode, NIC 2: VMnet2.
CentOS 7 网卡1:桥接模式 网卡2:VMnet2
# Lab shortcut: stops the host firewall and switches SELinux to permissive mode.
# Both are runtime-only (firewalld is not disabled at boot, setenforce does not
# edit /etc/selinux/config). This host has a bridged interface and later also
# holds the CA private key, so outside a lab keep both enabled and open only the
# virtual service ports.
systemctl stop firewalld
setenforce 0
# The next line is the setting added in the editor; `sysctl -p` applies it.
# Forwarding is what lets the director route between the two networks.
vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
################
sysctl -p
ifconfig
cd /etc/sysconfig/network-scripts/
# The second NIC's config starts as a copy of the first one's.
# NOTE(review): a copy would carry over any UUID/HWADDR lines from the source
# file; none appear in the contents shown below - confirm on the real file.
cp ifcfg-eno16777736 ifcfg-eno33554984
vim ifcfg-eno33554984
TYPE=Ethernet
BOOTPROTO=static
IPADDR=192.168.20.1
NETMASK=255.255.255.0
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno33554984
DEVICE=eno33554984
ONBOOT=yes
###################
systemctl restart network
ifconfig
# Both real servers must answer from the director before any rule is added.
curl http://192.168.20.10
curl http://192.168.20.11
cd
# Presumably yum is configured to install from the mounted install media; the
# mount point /mnt/cdrom/ must already exist.
mount /dev/cdrom /mnt/cdrom/
yum -y install ipvsadm
# Contents of ipvsadm.sh: clear the IPVS table, add a TCP virtual service on
# 172.16.249.124:80 with round-robin scheduling, then add both real servers
# with -m (masquerading, i.e. NAT mode).
# 172.16.249.124 is presumably the address of the bridged interface - confirm.
# The table lives in the kernel only; nothing here saves it across a reboot.
vim ipvsadm.sh
#!/bin/bash
#
ipvsadm -C
ipvsadm -A -t 172.16.249.124:80 -s rr
ipvsadm -a -t 172.16.249.124:80 -r 192.168.20.10 -m
ipvsadm -a -t 172.16.249.124:80 -r 192.168.20.11 -m
################
bash ipvsadm.sh
# List the resulting table with numeric addresses.
ipvsadm -L -n
######################### https ################################
######################### https ################################
<<<<<<<<<<<<<<<<<<<CA (Director)>>>>>>>>>>>>>>>>>>>>>>>>
# The CA is created on the director itself, so its private key sits on the host
# that faces client traffic; outside a lab, keep the CA key on a separate
# machine.
# `date` is presumably a clock check: certificate validity is time-based.
date
cd /etc/pki/CA
# The subshell confines umask 077 to key creation, so the key file is readable
# by its owner only. genrsa is given no cipher option, so the key is written
# without a passphrase.
(umask 077;openssl genrsa -out private/cakey.pem 2048)
# Self-signed root certificate valid for 10000 days (about 27 years).
openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 10000
# Answers to the interactive prompts, in order: country, state, locality,
# organization, organizational unit, common name, e-mail address.
CN GuangDong ShenZhen zhclinux ca ca.zhclinux.com cadmin@zhclinux.com
# NOTE(review): with the stock openssl.cnf, `openssl ca` (used below) expects
# /etc/pki/CA/index.txt and /etc/pki/CA/serial to exist; this page never shows
# them being created (e.g. `touch index.txt; echo 01 > serial`) - confirm.
<<<<<<<<<<<<<<<<<<<< Real Server1 >>>>>>>>>>>>>>>>>>>>>>>>>>
date
cd /etc/httpd
mkdir ssl
cd ssl
# The server key is generated on the real server and never leaves it; only the
# CSR and the signed certificate are copied between hosts.
(umask 077;openssl genrsa -out httpd.key 2048)
# -days has no effect on a request created without -x509; the validity period
# is set by `openssl ca -days 365` at signing time.
openssl req -new -key httpd.key -out httpd.csr -days 365
# Prompt answers as above. Country, state and organization repeat the CA's
# values (presumably because the default CA policy requires a match); the
# common name is the host name clients will request.
# NOTE(review): the request carries no subjectAltName; current browsers match
# host names against SAN only, so the final browser test may still warn -
# confirm with the browser used.
CN GuangDong ShenZhen zhclinux web www.zhclinux.com webadmin@zhclinux.com
# Hand the CSR to the CA host, logging in as root over SSH.
scp httpd.csr root@192.168.20.1:/root
# The note below reads: if scp stalls for a long time, set
# `GSSAPIAuthentication no` in /etc/ssh/sshd_config on 192.168.20.1.
(如果scp过程需要等待很久,则设置192.168.20.1:/etc/ssh/sshd_config: GSSAPIAuthentication no)
# Heading below: "CA signs the certificate". These two commands run on the
# Director; the relative path certs/ implies the working directory is
# /etc/pki/CA.
<<<CA签署证书>>>
openssl ca -in /root/httpd.csr -out certs/www.zhclinux.com.crt -days 365
scp certs/www.zhclinux.com.crt root@192.168.20.10:/etc/httpd/ssl/
# Heading below: "Real Server1: configure httpd to use the certificate".
<<<Real Server1设置使用证书>>>
# Check whether an SSL module is loaded; mod_ssl is then installed from yum.
httpd -M | grep ssl
yum -y install mod_ssl
# Only the edited lines of the packaged ssl.conf are shown, which is why no
# closing </VirtualHost> appears.
# NOTE(review): also review SSLProtocol / SSLCipherSuite in the same file; the
# defaults shipped with a release this old may still allow legacy protocol
# versions - confirm.
vim /etc/httpd/conf.d/ssl.conf
<VirtualHost *:443>
ServerName www.zhclinux.com
SSLCertificateFile /etc/httpd/ssl/www.zhclinux.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
###############
service httpd restart
<<<<<<<<<<<<<<<<<<<<Real Server2>>>>>>>>>>>>>>>>>>>>>>>>>>
# Same procedure as Real Server1, with its own key and an identical subject.
date
cd /etc/httpd
mkdir ssl
cd ssl
(umask 077;openssl genrsa -out httpd.key 2048)
openssl req -new -key httpd.key -out httpd.csr -days 365
CN GuangDong ShenZhen zhclinux web www.zhclinux.com webadmin@zhclinux.com
###################
scp httpd.csr root@192.168.20.1:/root
# Heading below: "CA signs the certificate" (run on the Director).
# NOTE(review): this CSR overwrites /root/httpd.csr from Real Server1, and the
# output overwrites certs/www.zhclinux.com.crt. The subject is identical to
# the certificate already issued, which `openssl ca` rejects while
# unique_subject is in effect (its default) - confirm how the CA is configured.
<<<CA签署证书>>>
openssl ca -in /root/httpd.csr -out certs/www.zhclinux.com.crt -days 365
scp certs/www.zhclinux.com.crt root@192.168.20.11:/etc/httpd/ssl/
# Heading below: "Real Server2: configure httpd to use the certificate".
<<<Real Server2设置使用证书>>>
httpd -M | grep ssl
yum -y install mod_ssl
vim /etc/httpd/conf.d/ssl.conf
<VirtualHost *:443>
ServerName www.zhclinux.com
SSLCertificateFile /etc/httpd/ssl/www.zhclinux.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
###############
service httpd restart
<<<<<<<<<<<<<<<<<<<Director>>>>>>>>>>>>>>>>>>>>>>>>
# New contents of ipvsadm.sh for HTTPS. The director forwards TCP port 443
# unchanged; TLS is terminated by httpd on each real server.
# `ipvsadm -C` empties the whole table and only the 443 service is added back,
# so the port 80 service from the earlier script is gone after this runs.
vim ipvsadm.sh
#!/bin/bash
#
ipvsadm -C
ipvsadm -A -t 172.16.249.124:443 -s rr
ipvsadm -a -t 172.16.249.124:443 -r 192.168.20.10:443 -m
ipvsadm -a -t 172.16.249.124:443 -r 192.168.20.11:443 -m
ipvsadm -L -n
############################
# NOTE(review): the file edited above is ipvsadm.sh, but the command below runs
# lvs-dr-ssl.sh, a file this page never creates; the rules also use -m (NAT),
# not direct routing. Presumably `bash ipvsadm.sh` was meant - confirm.
bash lvs-dr-ssl.sh
<<<<<<<<<<<<<<<<<<<<<<<<<<<windows>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# Client-side steps, in English: 1. import the CA certificate into the browser,
# 2. edit the hosts file, 3. browse to https://www.zhclinux.com.
# Import only the public certificate (cacert.pem), never private/cakey.pem.
# The hosts entry presumably maps www.zhclinux.com to 172.16.249.124 - confirm.
1、浏览器导入CA证书
2、修改hosts文件
3、https://www.zhclinux.com访问