{"id":9315,"date":"2024-03-28T23:59:45","date_gmt":"2024-03-28T15:59:45","guid":{"rendered":"https:\/\/egonlin.com\/?p=9315"},"modified":"2024-03-28T23:59:45","modified_gmt":"2024-03-28T15:59:45","slug":"lvs-nat%e6%a8%a1%e5%bc%8f%e9%85%8d%e7%bd%ae%e7%a4%ba%e4%be%8b","status":"publish","type":"post","link":"https:\/\/egonlin.com\/?p=9315","title":{"rendered":"lvs-nat\u6a21\u5f0f\u914d\u7f6e\u793a\u4f8b"},"content":{"rendered":"<p>nat\u6a21\u5f0f\u5b9e\u73b0http\u548chttps\u4e24\u79cd\u8d1f\u8f7d\u5747\u8861\u96c6\u7fa4\uff0c\u6bcf\u4e2aRS\u90fd\u8981\u63d0\u4f9b\u540c\u4e00\u4e2a\u79c1\u94a5\u548c\u540c\u4e00\u4e2a\u8bc1\u4e66<\/p>\n<p><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/egonlin.com\/wp-content\/uploads\/2024\/03\/image-1711641485963.png'><img class=\"lazyload lazyload-style-2\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  data-original=\"https:\/\/egonlin.com\/wp-content\/uploads\/2024\/03\/image-1711641485963.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"file\" \/><\/div><\/p>\n<pre><code>\u5b89\u88c5\u8fc7\u7a0b\u8bf7\u627e\u811a\u672c\n[root@localhost ~]# mkdir \/etc\/pki\/CA\n[root@localhost ~]# cd \/etc\/pki\/CA\/\n[root@localhost CA]# mkdir private\n[root@localhost CA]# (umask 077;openssl genrsa -out private\/cakey.pem 2048)\nGenerating RSA private key, 2048 bit long modulus (2 primes)\n..............+++++\n.................+++++\ne is 65537 (0x010001)\n[root@localhost CA]# openssl req -new -x509 -key private\/cakey.pem -out cacert.pem -days 365\nYou are about to be asked to enter information that will be incorporated\ninto your certificate request.\nWhat you are about to enter is what is called a 
Distinguished Name or a DN.\nThere are quite a few fields but you can leave some blank\nFor some fields there will be a default value,\nIf you enter &#039;.&#039;, the field will be left blank.\n-----\nCountry Name (2 letter code) [XX]:CN\nState or Province Name (full name) []:HB\nLocality Name (eg, city) [Default City]:WH\nOrganization Name (eg, company) [Default Company Ltd]:ZDJ\nOrganizational Unit Name (eg, section) []:ZDJ\nCommon Name (eg, your name or your server&#039;s hostname) []:zdj.com\nEmail Address []:1@2.com\n[root@localhost CA]# mkdir certs newcerts crl\n[root@localhost CA]# touch index.txt &amp;&amp; echo 01 &gt; serial\n[root@localhost CA]# (umask 077;openssl genrsa -out httpd.key 2048)\nGenerating RSA private key, 2048 bit long modulus (2 primes)\n................+++++\n...................+++++\ne is 65537 (0x010001)\n[root@localhost CA]# openssl req -new -key httpd.key -days 365 -out httpd.csr\nIgnoring -days; not generating a certificate\nYou are about to be asked to enter information that will be incorporated\ninto your certificate request.\nWhat you are about to enter is what is called a Distinguished Name or a DN.\nThere are quite a few fields but you can leave some blank\nFor some fields there will be a default value,\nIf you enter &#039;.&#039;, the field will be left blank.\n-----\nCountry Name (2 letter code) [XX]:CN\nState or Province Name (full name) []:HB\nLocality Name (eg, city) [Default City]:WH\nOrganization Name (eg, company) [Default Company Ltd]:ZDJ\nOrganizational Unit Name (eg, section) []:ZDJ\nCommon Name (eg, your name or your server&#039;s hostname) []:zdj.com\nEmail Address []:1@2.com\n\nPlease enter the following &#039;extra&#039; attributes\nto be sent with your certificate request\nA challenge password []:123456\nAn optional company name []:\n[root@localhost CA]# openssl ca -in httpd.csr -out httpd.crt -days 365\nUsing configuration from \/etc\/pki\/tls\/openssl.cnf\nCheck that the request matches the 
signature\nSignature ok\nCertificate Details:\n        Serial Number: 1 (0x1)\n        Validity\n            Not Before: Jun 14 14:32:35 2021 GMT\n            Not After : Jun 14 14:32:35 2022 GMT\n        Subject:\n            countryName               = CN\n            stateOrProvinceName       = HB\n            organizationName          = ZDJ\n            organizationalUnitName    = ZDJ\n            commonName                = zdj.com\n            emailAddress              = 1@2.com\n        X509v3 extensions:\n            X509v3 Basic Constraints: \n                CA:FALSE\n            Netscape Comment: \n                OpenSSL Generated Certificate\n            X509v3 Subject Key Identifier: \n                2A:55:39:2C:01:07:0A:ED:D2:43:57:0C:65:04:C1:20:A8:F6:E4:53\n            X509v3 Authority Key Identifier: \n                keyid:1B:81:BC:B9:AA:11:D6:68:22:5E:D5:C6:33:E4:AB:25:A9:37:4C:31\n\nCertificate is to be certified until Jun 14 14:32:35 2022 GMT (365 days)\nSign the certificate? [y\/n]:y\n\n1 out of 1 certificate requests certified, commit? 
[y\/n]y\nWrite out database with 1 new entries\nData Base Updated\n<\/code><\/pre>\n<p>\u521b\u5efa\u6d4b\u8bd5index.html<\/p>\n<pre><code>[root@R1 CA]#  echo &quot;R1&quot; &gt;\/usr\/local\/apache\/htdocs\/index.html\n\n[root@R2 ~]# echo &quot;R2&quot; &gt;\/usr\/local\/apache\/htdocs\/index.html \n<\/code><\/pre>\n<p>\u5173\u95ed\u4e09\u53f0\u673a\u5b50\u7684\u9632\u706b\u5899\uff0c\u5e76\u7528setenforce 0\u5c06SELinux\u4e34\u65f6\u5207\u6362\u4e3a\u5bbd\u5bb9\u6a21\u5f0f\uff08\u4ec5\u9650\u9694\u79bb\u7684\u5b9e\u9a8c\u73af\u5883\uff1b\u751f\u4ea7\u73af\u5883\u5e94\u4fdd\u7559\u4e24\u8005\uff0c\u53ea\u653e\u884c\u6240\u9700\u7aef\u53e3\uff09<\/p>\n<pre><code>[root@lb ~]# systemctl disable --now firewalld\n[root@lb ~]# setenforce 0\n\n[root@R1 CA]# systemctl disable --now firewalld\n[root@R1 CA]# setenforce 0\n\n[root@R2 ~]# systemctl disable --now firewalld\n[root@R2 ~]# setenforce 0\n<\/code><\/pre>\n<p>\u5728\u8c03\u5ea6\u5668\u4e0a\u5f00\u542fIP\u8f6c\u53d1\u529f\u80fd<\/p>\n<pre><code>[root@lb ~]#  echo &quot;net.ipv4.ip_forward = 1&quot; &gt;&gt; \/etc\/sysctl.conf \n[root@lb ~]# sysctl -p\nnet.ipv4.ip_forward = 1<\/code><\/pre>\n<p>\u5728\u8c03\u5ea6\u5668\u4e0a\u6dfb\u52a0\u5e76\u4fdd\u5b58\u89c4\u5219<\/p>\n<pre><code>[root@lb ~]# ipvsadm -A -t 192.168.100.123:80 -s rr\n[root@lb ~]# ipvsadm -a -t 192.168.100.123:80 -r 192.168.98.77:80 -m\n[root@lb ~]# ipvsadm -a -t 192.168.100.123:80 -r 192.168.98.88:80 -m\n[root@lb ~]# ipvsadm -A -t 192.168.100.123:443 -s rr\n[root@lb ~]# ipvsadm -a -t 192.168.100.123:443 -r 192.168.98.77:443 -m\n[root@lb ~]# ipvsadm -a -t 192.168.100.123:443 -r 192.168.98.88:443 -m\n[root@lb ~]# ipvsadm -Sn &gt; \/etc\/sysconfig\/ipvsadm\n[root@lb ~]# cat \/etc\/sysconfig\/ipvsadm\n-A -t 192.168.100.123:80 -s rr\n-a -t 192.168.100.123:80 -r 192.168.98.77:80 -m -w 1\n-a -t 192.168.100.123:80 -r 192.168.98.88:80 -m -w 1\n-A -t 192.168.100.123:443 -s rr\n-a -t 192.168.100.123:443 -r 192.168.98.77:443 -m -w 1\n-a -t 192.168.100.123:443 -r 192.168.98.88:443 -m -w 1<\/code><\/pre>\n<p>\u8bbe\u7f6e\u5f00\u673a\u81ea\u542f<\/p>\n<pre><code>[root@lb ~]# systemctl enable ipvsadm\nCreated symlink \/etc\/systemd\/system\/multi-user.target.wants\/ipvsadm.service \u2192 
\/usr\/lib\/systemd\/system\/ipvsadm.service.\n[root@lb ~]# echo &quot;ipvsadm -R &lt; \/etc\/sysconfig\/ipvsadm&quot; &gt;&gt;\/etc\/rc.d\/rc.local\n<\/code><\/pre>\n<p>\u5c06RIP\u7684\u7f51\u5173\u90fd\u6307\u5411DIP<\/p>\n<pre><code>[root@R1 CA]# cat \/etc\/sysconfig\/network-scripts\/ifcfg-ens33 \nTYPE=Ethernet\nBOOTPROTO=static\nNAME=ens33\nDEVICE=ens33\nONBOOT=yes\nIPADDR=192.168.98.77\nPREFIX=24\nGATEWAY=192.168.98.123\nDNS1=114.114.114.114\n\n[root@R2 htdocs]# cat \/etc\/sysconfig\/network-scripts\/ifcfg-ens33 \nTYPE=Ethernet\nBOOTPROTO=static\nNAME=ens33\nDEVICE=ens33\nONBOOT=yes\nIPADDR=192.168.98.88\nPREFIX=24\nGATEWAY=192.168.98.123\nDNS1=114.114.114.114\n<\/code><\/pre>\n<p>\u6d4b\u8bd5\u6548\u679c<\/p>\n<pre><code>[root@lb ~]# curl 192.168.100.123\nR1\n[root@lb ~]# curl 192.168.100.123\nR2\n[root@lb ~]# curl 192.168.100.123\nR1\n[root@lb ~]# curl 192.168.100.123\nR2\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>nat\u6a21\u5f0f\u5b9e\u73b0http\u548chttps\u4e24\u79cd\u8d1f\u8f7d\u5747\u8861\u96c6\u7fa4\uff0c\u6bcf\u4e2aRS\u90fd\u8981\u63d0\u4f9b\u540c\u4e00\u4e2a\u79c1\u94a5\u548c\u540c\u4e00\u4e2a\u8bc1\u4e66 \u5b89\u88c5\u8fc7\u7a0b\u8bf7\u627e\u811a\u672c  
[&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/egonlin.com\/index.php?rest_route=\/wp\/v2\/posts\/9315"}],"collection":[{"href":"https:\/\/egonlin.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/egonlin.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/egonlin.com\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/egonlin.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9315"}],"version-history":[{"count":1,"href":"https:\/\/egonlin.com\/index.php?rest_route=\/wp\/v2\/posts\/9315\/revisions"}],"predecessor-version":[{"id":9317,"href":"https:\/\/egonlin.com\/index.php?rest_route=\/wp\/v2\/posts\/9315\/revisions\/9317"}],"wp:attachment":[{"href":"https:\/\/egonlin.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9315"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/egonlin.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9315"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/egonlin.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9315"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}