• notice
  • Congratulations on the launch of the Sought Tech site

How Nginx configures SSL locally

Technical otaku 2022-05-28
0 2353

Sometimes, our formalenvironment needs configuration Httpsaccess! !

Many times, we need to get the SSLcertificate of the official environment, open a domain name, and a series of work before we can carry out our Httpsconfiguration functions.

The local development environment does not have the corresponding certificate, and it is not easy to perform related operations such as configuration and testing! !

So let's talk about how to Httpsaccess the configuration in the local development environment! !

Then let's take the nginxserver as an example! ^_^

1. Configuration steps

1.1 Generate a certificate

keytool -genkey -v -alias nginx -keyalg RSA -keystore nginx.keystore -validity 36500

alias isnginx

The keystore file isnginx.keystore

validity is valid for 36500 days

60f3924f8c7d476a9ea074515c2a33fa_tplv-k3u1fbpfcp-zoom-in-crop-mark_1304_0_0_0.jpg

According to the above figure, you can help us generate the nginx.keystorefile

1.2 Convert the certificate format

JKS2PFX.bat nginx.keystore 123456 nginx exportfile .

This JKS2PFX.batis a tool, download address

nginx.keystore, is the file we just generated

123456, is the password we just generated the nginx.keystore file and set

nginx, is the alias we just set

exportfile, is the name of the file we want to generate

., the directory where the ssl certificate is generated, indicating the current folder

3827e9136a3b499294aea543d256b949_tplv-k3u1fbpfcp-zoom-in-crop-mark_1304_0_0_0.jpg

Operation mode:
JKS2PFX.bat <KeyStore file> <KeyStore password> <Alias alias> <export file name> [directory]

The transformation produces:

9dad081c7603452986e2b8c1acc70290_tplv-k3u1fbpfcp-zoom-in-crop-mark_1304_0_0_0.jpg

We copy the two files exportfile.crt and exportfile.key to the ssl directory of nginx's conf

8f849dc427514a969bfb8a27eb30834e_tplv-k3u1fbpfcp-zoom-in-crop-mark_1304_0_0_0.jpg

1.3 Configure nginx

server {
    listen 443 ssl;
    server_name localhost;
    ssl_certificate ssl/exportfile.crt;
    ssl_certificate_key ssl/exportfile.key; 
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m; 
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_set_header Host       $host;
        proxy_pass http://localhost/;
    }
}

b4ed5d298af14be0930956376a9dc8b7_tplv-k3u1fbpfcp-zoom-in-crop-mark_1304_0_0_0.jpg

Once configured, use nginx -s reload to restart.

This configuration supports both http and https

505791fa02ba4f9ca50532a43aa7044e_tplv-k3u1fbpfcp-zoom-in-crop-mark_1304_0_0_0.jpg

Indicates that it has sslbeen configured



Tags

Technical otaku

Sought technology together

Related Topic

OpenWrt's turn off IPv6
0 7441 2
How to run cron jobs in Docker containers?
0 2831 2

0 Comments

Leave a Reply

+