1. Requirements description
To ensure network security, every system URL must be accessed over HTTPS using a domain name, with no port number shown in the URL.
2. Solutions
1. Generate the private key and the p10 (PKCS#10) certificate request with openssl (or with a CSR file generation tool - China Digital Certificate CHINASSL)
2. Submit the p10 certificate request to the certificate server and download the issued certificate
3. Configure nginx as the HTTPS proxy in front of the application
3. Detailed steps
1. Install OpenSSL on Windows: http://slproweb.com/products/Win32OpenSSL.html
2. Open a cmd window in the bin directory under the OpenSSL installation directory (to avoid changing to that directory every time you run a command, add it to the system environment variables)
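3. Execute the commands
Generate the private key (the key size is given explicitly so that it does not depend on the default of the installed OpenSSL version)
openssl genrsa -out E:/keystore/uat.key 2048
Generate the certificate request (despite its .key extension, P10.key is the PKCS#10 request, not a key; uat.key was written unencrypted by the previous command, so -passin has no effect here)
openssl req -new -key E:/keystore/uat.key -passin pass:12345 -out E:/keystore/P10.key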
4. Copy the content of P10.key, log in to the certificate service website deployed by the company, paste it in and generate the certificate
5. Put the generated .cer certificate and the private key uat.key in the directory that nginx will read them from (D:/nginx/conf in the configuration below)
6. Configure nginx.conf
server {
    listen 443 ssl;
    server_name xx.xx.com;
    #ssl on;
    # Certificate issued in step 4 (nginx expects PEM format) and the private key from step 3
    ssl_certificate D:/nginx/conf/uat.cer;
    ssl_certificate_key D:/nginx/conf/uat.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    # Forward the decrypted requests to the application listening on the local port
    location / {
        proxy_pass http://127.0.0.1:8080;
    }
    #error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}
7. Start nginx and visit the https URL
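
The checks below can be run after step 5 and before nginx is started, to confirm that the issued certificate belongs to the private key, has not expired and covers the server_name. This is an added example, not part of the original procedure; it assumes a POSIX shell with openssl on the PATH (for example Git Bash on Windows), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Print the PEM public key held in a private key, CSR or certificate.
pub_of() {  # $1 = key|csr|cert, $2 = file
    case "$1" in
        key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    # An unreadable file gives empty output: fail rather than compare blanks.
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub"
}

fail() { echo "FAIL: $*" >&2; return 1; }

# $1 = private key, $2 = CSR, $3 = issued certificate, $4 = nginx server_name
check_tls_material() {
    k=$(pub_of key "$1")  || fail "cannot read private key $1" || return 1
    r=$(pub_of csr "$2")  || fail "cannot read CSR $2" || return 1
    c=$(pub_of cert "$3") || fail "cannot read certificate $3" || return 1
    # The CSR and the certificate must both carry this key's public half,
    # otherwise nginx cannot load the pair (key values mismatch).
    [ "$k" = "$r" ] || fail "CSR was not created from $1" || return 1
    [ "$k" = "$c" ] || fail "certificate does not match $1" || return 1
    # -checkend 0 exits non-zero when the certificate has already expired.
    openssl x509 -in "$3" -noout -checkend 0 >/dev/null \
        || fail "certificate has expired" || return 1
    # -checkhost prints "does match" or "does NOT match" for the given name.
    openssl x509 -in "$3" -noout -checkhost "$4" | grep -q 'does match' \
        || fail "certificate is not valid for $4" || return 1
    echo "OK: key, CSR and certificate agree and cover $4"
}

# Runs only when the four arguments are supplied on the command line.
if [ "$#" -ge 4 ]; then check_tls_material "$@"; fi
```

With the paths from this page the call is `check_tls_material E:/keystore/uat.key E:/keystore/P10.key D:/nginx/conf/uat.cer xx.xx.com`. Once it passes, `nginx -t` checks nginx.conf itself before the server is started.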