Configuring SSL in Nginx on Windows for HTTPS access (including certificate generation)
First, why implement HTTPS?
HTTP stands for Hypertext Transfer Protocol: the client requests hypertext content from the server. That content is mainly HTML, which the client parses and renders according to the specifications once it has been received. HTTP is therefore mainly responsible for "requesting and retrieving content", and that is where the problem lies. Traffic on the line can be monitored, hijacked and blocked, which can easily lead to a website leaking information. For some key parameters, such as the login password, developers will MD5-hash the value on the client. However, the confidential information carried over the Internet is far more than passwords; search queries are sensitive information too. Baidu, Google, GitHub and other websites have now enabled HTTPS for the whole site. HTTPS is like a "lock" for the website: it encrypts requests to make them more secure for users. Besides protecting the interests of users, it also protects your own interests by keeping your traffic from being hijacked. So in my opinion, one day HTTPS will be used across the whole network.
Next, on to the topic.
Note: This tutorial is suitable for readers who have already configured the WNMP environment and configured virtual hosts to serve multiple sites. If you have not, please refer to my previous articles for configuration.
To implement HTTPS you first need a certificate, which is normally applied for from a certificate authority. In this tutorial we generate the certificate ourselves with OpenSSL, so the OpenSSL software has to be installed first.
Steps:
1. Install OpenSSL
Download: http://slproweb.com/products/Win32OpenSSL.html (download and install the 32-bit or 64-bit version, depending on your system).
After the download completes, run the installer. I installed it in the C:\wnmp\OpenSSL-Win64 folder.
2. Install ActivePerl (this software is used to parse .pl files; on some systems this tutorial works without it, and installing it is also a chance to learn Perl).
Download: http://www.activestate.com/activeperl/downloads/ (download and install the win32 or win64 build, depending on your system).
3. Configure Environment Variables
Add the following environment variable:
Variable name: OPENSSL_HOME, variable value: C:\wnmp\OpenSSL-Win64\bin; (the value is the location where OpenSSL is installed)
Append the following to the end of the Path variable: %OPENSSL_HOME%;
4. Generate a certificate
(1) Create an ssl folder in the nginx installation directory to store the certificates. For example, my directory is C:\wnmp\nginx\ssl
Open a command prompt as an administrator and change to the ssl folder. Command: cd c:/wnmp/nginx/ssl
(2) Create a private key
Run the following command: openssl genrsa -des3 -out lee.key 1024 (the file name lee can be customized)
You are asked to enter a password and then to enter it again. Remember this password, which will be used later.
(3) Create a CSR (certificate signing request)
Run the following command: openssl req -new -key lee.key -out lee.csr (the key file is the one just generated; lee is the custom file name)
After running the command you are prompted for several fields. The most important one is the Common Name: the domain name entered there is the domain name we want to access over HTTPS.
After the preceding steps are completed, the ssl folder contains two files: lee.key and lee.csr.
(4) Remove the password.
Remove the password from the private key before nginx loads it with SSL enabled; otherwise you have to enter the password every time nginx starts.
Copy lee.key and rename the copy lee.key.org
You can do this with the mouse or with this command: copy lee.key lee.key.org
Then remove the password by running: openssl rsa -in lee.key.org -out lee.key (lee is the custom file name)
When prompted, enter the password you set earlier.
(5) Generate a crt certificate
Run this command: openssl x509 -req -days 365 -in lee.csr -signkey lee.key -out lee.crt (lee is the custom file name)
After the certificate is generated, the ssl folder contains four files; the ones used below are lee.crt and lee.key.
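Steps (2) to (5) as one non-interactive script with checks on the result; this is an added example, not part of the original tutorial. It goes slightly beyond the steps above: it uses a 2048-bit key (1024-bit RSA is below the minimum certificate authorities require), writes the key without a passphrase from the start, and adds a subjectAltName, which current browsers match the host name against instead of the Common Name. The function names are assumptions; the wrapper is POSIX shell, and the openssl arguments are the same at the Windows command prompt.

```shell
#!/bin/sh
# Added example, not from the tutorial. "lee" and "www.lee.com" are the
# tutorial's names; the function names are assumptions.

# make_cert DIR PREFIX HOST [BITS]: write PREFIX.key, PREFIX.csr, PREFIX.crt
make_cert() (
    dir=$1 prefix=$2 host=$3 bits=${4:-2048}
    umask 077    # the key has no passphrase, so keep new files owner-only
    mkdir -p "$dir" && cd "$dir" || exit 1
    # (2) private key, unencrypted so nginx starts without a prompt
    openssl genrsa -out "$prefix.key" "$bits" 2>/dev/null || exit 1
    # (3) CSR; -subj supplies the Common Name instead of the prompts
    openssl req -new -key "$prefix.key" -out "$prefix.csr" \
        -subj "/CN=$host" || exit 1
    # (5) self-sign for 365 days and add the host name as a DNS SAN
    printf 'subjectAltName=DNS:%s\n' "$host" > "$prefix.ext"
    openssl x509 -req -days 365 -in "$prefix.csr" -signkey "$prefix.key" \
        -extfile "$prefix.ext" -out "$prefix.crt" 2>/dev/null || exit 1
)

# cert_matches_key CRT KEY: succeed if both carry the same RSA modulus
cert_matches_key() {
    cert_mod=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null) || return 1
    key_mod=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

# cert_key_bits CRT: print the RSA key size recorded in the certificate
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# cert_covers_host CRT HOST: succeed if HOST is listed exactly as a DNS SAN
cert_covers_host() {
    openssl x509 -in "$1" -noout -text | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -F -x -q "DNS:$2"
}

# Usage: sh make_cert.sh DIR PREFIX HOST
if [ "$#" -ge 3 ]; then
    make_cert "$@" && cert_matches_key "$1/$2.crt" "$1/$2.key" &&
        cert_covers_host "$1/$2.crt" "$3" && echo "ok: $1/$2.crt"
fi
```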
5. Modify the nginx.conf file
The nginx.conf file is located at: C:\wnmp\nginx\conf
Find the location of the following code in the file and modify it:
    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;
    #
    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;
    #
    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;
    #
    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;
    #
    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}
To:
    # HTTPS server
    #
    #modify by lee 20160907 for https -s
    server {
        listen       443 ssl;
        server_name  www.lee.com;

        # certificate and private key generated in step 4
        ssl_certificate      C:/wnmp/nginx/ssl/lee.crt;
        ssl_certificate_key  C:/wnmp/nginx/ssl/lee.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            root   C:/wnmp/lee;
            index  index.html index.htm index.php;
        }

        # pass PHP requests to the FastCGI server on 127.0.0.1:9001
        location ~ \.php$ {
            root           C:/wnmp/lee;
            fastcgi_pass   127.0.0.1:9001;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }
    }
    #modify by lee 20160907 for https -e
Restart nginx.
In a browser, open https://www.lee.com. The certificate check takes place and the site can be accessed successfully. (www.lee.com is the domain name entered as the Common Name when the certificate was generated.)
(For this step the virtual host must already be configured, and the www.lee.com site directory must contain an index.php default entry page to be served.)
The https in the address bar is shown in red because we use a self-generated certificate, which the browser does not trust. To make it green, you need to apply for a certificate from a certificate authority.
6. Add a redirect so that HTTPS is used automatically.
Add the rewrite line at the following location in the virtual host in nginx.conf:
    listen 80;
    server_name www.lee.com;
    #modify by lee 20160907 for https Redirect -s
    rewrite ^(.*) https://$server_name$1 permanent;
    #modify by lee 20160907 for https Redirect -e
Restart nginx.
Access www.lee.com and you will find that the browser automatically jumps to https://www.lee.com, which loads successfully.
Now, the HTTPS access configuration is successfully completed.
If you have any questions, please leave a message. If you find any mistakes, please point them out.
Reference: http://blog.csdn.net/ztclx2010/article/details/6896336