The windows server configures https through nginx

1. Requirements description

In order to ensure network security, all system access URLs need to be accessed in the form of https+domain name (hidden port)

2. Solutions

1. Generate the secret key and p10 certificate application through openssl (or CSR file generation tool - China Digital Certificate CHINASSL)

2. Download the certificate through the p10 certificate application on the certificate server

3. Configure proxy through nginx

3. Detailed steps

1. Windows install openssl  http://slproweb.com/products/Win32OpenSSL.html

2. Find the bin directory under the openssl installation directory and enter the cmd command (if you find it troublesome, you can configure it in the system environment variable, and you don’t need to go to the specified directory every time you execute the command)

 

3. Execute the command

generate private key

openssl  genrsa -out  E:/keystore/uat.key

 Generate certificate request

openssl req -new -key E:/keystore/uat.key -passin pass:12345 -out E:/keystore/P10.key

4. Copy the content in P10.key, log in to the certificate service website deployed by the company, paste and generate a certificate

 

 5. Put the generated cer certificate and private key uat.key in the specified directory of installed nginx

6. Configure nginx.conf

server {
        listen       443 ssl;
        server_name  xx.xx.com;

        #ssl on;
        ssl_certificate D:/nginx/conf/uat.cer;      
        ssl_certificate_key D:/nginx/conf/uat.key;
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
        location /{
            proxy_pass   http://127.0.0.1:8080;
        }

        #error_page  404              /404.html;

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

 7. Start nginx and visit the https URL