As the project changed to https access, so local development time to go through the verification https, http request to send the page to avoid.
So is the case for example visit: http: //192.168.88.88: 8080 / or http: // localhost: 8080 /, now this visit: http: //hellotom.pcauto.com.cn/
First, download openssl
1. Download
openssl official website to download the list: https://slproweb.com/products/Win32OpenSSL.html
Find windows64 bit openssl, and downloads
2. Install
During installation, if prompted missing libraries, download and install good
Under Select the bin directory into openssl, and easy to find
If any give, not put Gogo removed.
Installing openssl, and look to the bin directory
Two, OpenSSL generate a certificate, key
1. Double-click openssl.exe, enter cmd.
2 generates a secret key, note that the length of insecurity 1024, so 2048 to be replaced .
genrsa -out server.key 2048
3. Generate Certificate Signing Request
req -new -key server.key -out server.csr
4. generate the certificate. The default period is 365 days, this was changed to 3650, that 10-year period, to avoid frequent replacement certificate.
x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
5. Note that, in the case of direct operation cmd, the need to add openssl before the command, as follows
6. You can see three generated files in the current directory bin
Third, configure the domain name
No DNS time, we are the ip accessed.
For domain names, you need to modify the hosts file. (I have a 64-bit computer, 32-bit hosts file locations Look for yourself)
Modify the hosts file yourself a domain name, and added to the hosts file. For example, I played the domain name is hellotom.pcauto.com.cn, my ip is 192.168.33.95.
Save the hosts file and can be accessed through the domain name. If prompted insecurity can be ignored, because it is a custom domain name.
Note that if you can not access the domain name, the domain name may be made to determine the project, such as allowing only * .pcauto.com.cn types of domain names, this time we should pay attention to the format of the domain name.
Fourth, install nginx
1. Download nginx
Official website to download the list: http://nginx.org/en/download.html
2. Extract
3. Double-click to start the nginx nginx.exe
note! There are problems during startup, you can access the logs log folder to view the log! After following modified conf configuration file, be sure to pay attention to the log information! ! !
4. In order to facilitate stop nginx, not to shut down the process in the task manager, you can create a txt text, add the following code to change the name and suffix stop.bat. To stop nginx time, double-click the file.
nginx.exe -s stop
5. If not, then restart loading a configuration file, can create a txt text, and modified and add the following code name suffix reload.bat (name can be customized, the suffix can bat)
nginx.exe -s reload
6. Create a folder ssl, the copied certificate generated above.
5, configuration https
1. Modify nginx.conf files in nginx conf directory, pay attention to back up this file.
Nginx.conf modify the file. Reference nginx documentation: http://www.nginx.cn/doc/index.html
For ease of reading, here to do some cut, the original file annotated code are deleted.
worker_processes 1;
pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
upstream WEB_APP {
server 192.168.33.95:8080;
}
server {
server_name hellotom.pcauto.com.cn;
listen 443 ssl;
listen 80;
ssl_certificate /nginx32/ssl/server.crt;
ssl_certificate_key /nginx32/ssl/server.key;
keepalive_timeout 70;
location / {
proxy_pass http://WEB_APP;
}
}
}
After modifying finished, remember to restart nginx and view the log to see if an error! ! !
2. https access
If there is a risk prompted, click Continue to this page can be risky. It can be seen already visited by https, but because it is a custom certificate, it prompts unsafe.
6, installation certificate
In order to remove the tips of insecurity, the certificate can be added to the certificate trusted.
1. Google browser
2.360 browser
Open Internet Options, click content, click the certificate, and then add the certificate.
3. reload the page
Google browsers will prompt risk, but the 360 normal browser. Notice that the green lock indicates that security.
Https local environment configuration to this end, like the friends make a point like it!