Configure nginx to forward HTTPS on Windows

1. Demand analysis

At work I use a cloud desktop (Win10) for development. The cloud desktop's environment is a bit stretched, so I am moving some of the jobs that can be completed on the local computer over to it. Now I am moving the use of WebSphere to the local computer, which requires installing nginx on the cloud desktop and modifying the related configuration.

2. Prerequisites

It is not possible to log in to WebSphere from the local computer, but it is possible from the cloud desktop, and the WebSphere URL uses the HTTPS protocol. The goal is that when the URL is entered on the local computer, the request first passes through the nginx proxy and is then forwarded to the service deployed on WebSphere.

3. Generate a certificate

3.1. Software

  1. First, download the OpenSSL build that matches the cloud desktop's system version; it is used to generate an SSL certificate on the cloud desktop.
  2. After installing the software, configure the environment variables.

3.2. Apply for a certificate

  1. Create a folder on the cloud desktop to store the certificate, then open cmd or Windows PowerShell with administrator privileges in that folder.
  2. First create the private key
# Create the private key; the file name is arbitrary
PS C:\ssl> openssl genrsa -des3 -out nginx.key 1024

openssl genrsa : generates an RSA private key; the public key is derived from the private key
-des3 : encrypts the generated private key with DES
-out nginx.key : writes the generated key to the specified file
1024 : the key length; a longer key is more secure, but encryption and decryption also take longer
Enter PEM pass phrase: and Verifying - Enter PEM pass phrase: set a password for the private key and confirm the password.

  3. Extract the public key from the private key
# Make a copy of the private key
PS C:\ssl> cp .\nginx.key .\nginx.key.org
# Extract the public key
PS C:\ssl> openssl rsa -in nginx.key.org -out nginx.key

openssl rsa : extracts the public key from the private key
-in nginx.key.org : the input key file
-out nginx.key : the file the extracted public key is written to
Enter pass phrase for nginx.key.org: After entering the password, the command displays writing RSA key, which means the extraction is successful.

  4. Create the CSR file
# Create the CSR file; the file name is arbitrary
PS C:\ssl> openssl req -new -key nginx.key -out nginx.csr

openssl req -new : generates a certificate request file
-key nginx.key : the existing key used to generate the request; "-key" is only used together with the "-new" option for generating a certificate request
-out nginx.csr : the name of the generated certificate request
After the above command is entered, fill in the following information:
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:province pinyin, such as SiChuan
Locality Name (eg, city) [Default City]:city pinyin, such as ChengDu
Organization Name (eg, company) [Default Company Ltd]:company name pinyin, such as BaiDu
Organizational Unit Name (eg, section) []:pinyin of your company's department, such as YanFa
Common Name (eg, your name or your server's hostname) []:domain name or ip, such as 192.168.5.200
Email Address []:email address
The most important of these is the Common Name; fill in the IPv4 address of the cloud desktop.

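  5. Create the CRT certificate
# Generate the CRT certificate; the file name is arbitrary
PS C:\ssl> openssl x509 -req -days 365 -in nginx.csr -signkey nginx.key -out nginx.crt

openssl x509 : generates a self-signed certificate
-req : the input is a certificate request
-days 365 : sets the certificate validity period; the default is 30 days
-in nginx.csr : the certificate input file; if the "-req" option is also given, the input file is a certificate request file. For a self-signed certificate, the file given to "-in file" can be either a certificate request file or an already signed certificate.
-signkey nginx.key : provides the key file used when self-signing the certificate
-out nginx.crt : the output file
After completing the above steps, there are 4 files in the folder where the certificate is stored: nginx.key, nginx.key.org, nginx.csr and nginx.crt.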

4. Modify the configuration

With nginx installed correctly, edit the corresponding section of the nginx.conf file and uncomment the ssl block.
listen : the port nginx listens on
server_name : the domain name or IP to be entered in the browser
ssl_certificate : the path where the certificate is stored
ssl_certificate_key : the path where the key is stored
proxy_pass : the server-side IP and the access port of the deployed project
Modify the corresponding configuration and restart nginx.
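
An HTTPS server block that uses the five directives listed above, as an added example that is not the original author's configuration file. The address 192.168.5.200 is the sample Common Name from section 3.2, websphere.example.internal:9443 is an assumed placeholder for the real WebSphere host and port, and the ssl_protocols line assumes nginx 1.13.0 or later.

```nginx
# Added example: HTTPS server block, placed inside the http { } block of nginx.conf.
# Constructed values:
#   192.168.5.200                   - sample Common Name from section 3.2
#   websphere.example.internal:9443 - placeholder for the real WebSphere address
server {
    # Port nginx listens on, with TLS enabled
    listen       443 ssl;

    # What is typed in the browser on the local computer; it has to match
    # the Common Name entered when the CSR was created
    server_name  192.168.5.200;

    # Files generated in section 3.2 (C:\ssl). Forward slashes are used
    # because a backslash is an escape character in nginx.conf
    ssl_certificate      C:/ssl/nginx.crt;
    ssl_certificate_key  C:/ssl/nginx.key;

    # Accept only current protocol versions from the browser
    ssl_protocols        TLSv1.2 TLSv1.3;

    location / {
        # The WebSphere URL is HTTPS, so the upstream scheme is https://
        proxy_pass https://websphere.example.internal:9443;

        # Tell the backend which host and client the request came from
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Running nginx -t from the nginx directory checks the edited file for syntax errors and unreadable certificate paths before the restart. Because the certificate is self-signed, the browser on the local computer will show a trust warning until the certificate is imported there.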

Origin blog.csdn.net/Hg_Re_B/article/details/127528624