我的系統是OpenEuler。
- 安裝nginx
# Install nginx from the configured yum repositories; -y answers the
# confirmation prompts automatically.
yum install -y nginx
- 啟動&開機啟動
# Register nginx to start at boot and start it immediately in one call.
systemctl enable --now nginx
- 自定義conf配置文件
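# Write the load-balancer configuration for nginx.
#
# - The heredoc delimiter is quoted ('EOF') so the shell does not expand
#   $host, $request_uri, $remote_addr, $proxy_add_x_forwarded_for and $scheme.
#   With an unquoted delimiter they are replaced by empty strings and the file
#   ends up with "return 301 https://;" and empty proxy headers.
# - ">" replaces the file instead of appending, so running this step twice does
#   not leave two "upstream backend" blocks behind.
# - Every directive sits on its own line; a "#" comment runs to the end of the
#   line in nginx and would otherwise swallow the directives that follow it.
#
# NOTE(review): "proxy_pass https://backend" encrypts the hop to the backends
# but does not verify their certificates unless proxy_ssl_verify and
# proxy_ssl_trusted_certificate are configured as well.
# NOTE(review): the port-80 redirect is built from the client-supplied Host
# header ($host); a fixed "https://192.168.1.155$request_uri" would avoid
# reflecting arbitrary host names in the Location header.
cat <<'EOF' > /etc/nginx/conf.d/load_balancer.conf
upstream backend {
    ip_hash; # 防止驗證碼驗證失敗
    server 192.168.1.150:443;
    server 192.168.1.153:443;
}
server {
    listen 80;
    # 使用 IP 地址作為 server_name
    server_name 192.168.1.155;
    # 將 HTTP 請求重定向到 HTTPS
    return 301 https://$host$request_uri;
    # 日志配置
    access_log /var/log/nginx/192.168.1.155_http_access.log;
    error_log /var/log/nginx/192.168.1.155_http_error.log;
}
server {
    listen 443 ssl;
    # 使用 IP 地址作為 server_name
    server_name 192.168.1.155;
    # SSL 證書配置,使用自簽名證書
    ssl_certificate /opt/crt/server.crt;
    ssl_certificate_key /opt/crt/server.key;
    # SSL 優化配置
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;
    # 日志配置
    access_log /var/log/nginx/192.168.1.155_https_access.log;
    error_log /var/log/nginx/192.168.1.155_https_error.log;
    # 錯誤處理配置
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /404.html {
        root /usr/share/nginx/html;
    }
    location = /50x.html {
        root /usr/share/nginx/html;
    }
    location / {
        proxy_pass https://backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # 處理 HTTPS 相關配置
        proxy_ssl_server_name on;
    }
}
EOF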
- 檢查配置文件的語法是否正確
# Parse and test the configuration without applying it. The test also opens
# the files named by ssl_certificate / ssl_certificate_key, so
# /opt/crt/server.crt and /opt/crt/server.key must already exist when this runs.
nginx -t
- 重新加載 Nginx 配置
# Signal the running nginx master process to re-read its configuration.
nginx -s reload
- OpenSSL 生成自簽名證書(上面的 nginx -t 會讀取證書,需先完成這一步,並把 server.crt、server.key 放到配置中指定的 /opt/crt/ 目錄)
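# Generate a self-signed certificate in three steps. The files are written to
# the current directory, while the nginx configuration reads
# /opt/crt/server.crt and /opt/crt/server.key, so run these commands in
# /opt/crt or move the results there.

# 1. Create a 2048-bit RSA private key and restrict it to its owner.
openssl genpkey -algorithm RSA -out server.key -pkeyopt rsa_keygen_bits:2048
chmod 600 server.key

# 2. Create the certificate signing request. The author recommends binding the
#    server IP at this step, presumably by entering it as the Common Name at
#    the prompt.
openssl req -new -key server.key -out server.csr

# 3. Self-sign the request. -days 36500 makes the certificate valid for about
#    100 years, so a leaked key stays usable until the certificate is replaced
#    by hand.
# NOTE(review): these commands add no subjectAltName; clients that match the
# address against subjectAltName only will reject the certificate even when it
# is trusted explicitly.
openssl x509 -req -in server.csr -signkey server.key -out server.crt -days 36500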
- 開啟443端口
# Persist a rule that allows inbound 443/tcp in the public zone, then reload
# firewalld so the permanent rule becomes active.
# Only 443 is opened here: the port-80 server that redirects HTTP to HTTPS is
# not reachable from other hosts unless 80/tcp is already allowed.
firewall-cmd --permanent --zone=public --add-port=443/tcp
firewall-cmd --reload
- 驗證
# Smoke test: request the HTTPS listener on the load balancer.
# -k turns off certificate verification, so a success only shows that the
# listener answers and proxies; it says nothing about the certificate. To check
# the certificate as well, trust server.crt explicitly (curl --cacert) instead
# of using -k.
curl -k https://192.168.1.155