Nginx cluster SSL Certificate WebApi microservice, nginxwebapi

Source: Internet
Author: User

Directory

1. General idea

2. WebApi microservice for SSL certificates in Nginx clusters

3. HTTP and HTTPS (SSL protocol)

4. Generate an SSL certificate using OpenSSL

5. Compile .NET WebApi

6. Deploy WebApi to 3 PCs in the LAN

7. Nginx cluster configuration and setup

8. Running results

9. Summary

1. General idea

  • WebApi microservice for SSL certificates in Nginx clusters

  • HTTP and HTTPS (SSL protocol)

  • Generate an SSL certificate using OpenSSL

  • Compile .NET WebApi

  • Deploy WebApi to 3 PCs in the LAN

  • Nginx cluster configuration and setup

  • Running results

  • Summary

2. WebApi microservice for SSL certificates in Nginx clusters

The Nginx cluster provides one of the load balancing methods for the .NET WebApi, and also adds SSL so that the WebApi responds in encrypted form. Nginx uses its SSL module to support HTTPS configuration. HTTP and HTTPS can also coexist (only a listen 80 port needs to be added); in this article, HTTP access is redirected to HTTPS.

The main structure described in this article is as follows:

The client accesses the Nginx domain name zhyongfeng.com, Nginx performs load balancing, and the response is returned over HTTPS. The figure shows the WebApi microservice architecture of the Nginx cluster with an SSL certificate:

 

3. HTTP and HTTPS (SSL protocol)

HTTP (HyperText Transfer Protocol) is the most widely used network protocol on the Internet. All WWW files must comply with this standard.

HTTPS (Secure Hypertext Transfer Protocol) is a secure communication channel built on HTTP and used to exchange information between client computers and servers. It uses Secure Sockets Layer (SSL) for the information exchange. In short, it is a secure version of HTTP.

 

Differences between HTTPS and HTTP:

  • For the HTTPS protocol, you need to apply for a certificate from a CA. Generally, there are few free certificates and you need to pay a fee.

  • HTTP is the Hypertext Transfer Protocol and transmits information in plaintext; HTTPS is a secure, SSL-encrypted transmission protocol.

  • HTTP and HTTPS use completely different connection methods and different ports. The former uses 80 and the latter uses 443.

  • The HTTP connection is simple and stateless.

  • HTTPS is a network protocol built from SSL + HTTP for encrypted transmission and identity authentication, which is more secure than HTTP.

 

4. Generate an SSL certificate using OpenSSL

OpenSSL is a secure socket-layer cryptographic library that includes major cryptographic algorithms, common keys, certificate encapsulation management functions, and SSL protocols. It also provides a wide range of applications for testing or other purposes.

In this article, a VirtualBox virtual machine running Ubuntu Linux is used, so the built-in openssl is available. The command lines for generating the SSL certificate are as follows:

(For Windows, you can download the source from https://www.openssl.org/source/ and use ActivePerl to install OpenSSL.)

Self-issue an SSL certificate, which browsers will not trust. First generate the RSA key (the 1024-bit length used here is too short for anything beyond a lab test; use 2048 bits or more for a real deployment):

zhyongfeng@zhyongfeng-VirtualBox:~$ openssl genrsa -des3 -out server.key 1024

Create a copy of the key file that does not require a password. This copy is unencrypted, so keep it readable only by the account that runs Nginx:

zhyongfeng@zhyongfeng-VirtualBox:~$ openssl rsa -in server.key -out server_nopass.key

Generate a certificate request. You will be prompted to enter the province, city, domain name information and so on. What is important is that the email must use your domain name as its suffix. This produces a CSR file, which is the file that would be submitted to an SSL certificate provider.

zhyongfeng@zhyongfeng-VirtualBox:~$ openssl req -new -key server.key -out server.csr

Self-issue the certificate (server.crt is the file name that the Nginx configuration below loads):

zhyongfeng@zhyongfeng-VirtualBox:~$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

As shown in:
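
The same steps in non-interactive form, with checks that the generated key and certificate belong together and that the certificate covers the domain, run before the files are handed to Nginx. This is an added example, not part of the original article; it uses a 2048-bit key, writes only the passphrase-free server_nopass.key and adds a subjectAltName entry, and the function names and scratch directory are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): lab-only self-signed setup.

# make_selfsigned DIR DOMAIN: writes server_nopass.key, server.csr, server.crt
make_selfsigned() {
    dir=$1 domain=$2
    # The key has no passphrase, so create it readable by the owner only.
    ( umask 077
      openssl genrsa -out "$dir/server_nopass.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$dir/server_nopass.key" -subj "/CN=$domain" \
        -out "$dir/server.csr" || return 1
    # Clients match the host name against subjectAltName, so add one.
    printf 'subjectAltName=DNS:%s\n' "$domain" > "$dir/san.ext"
    openssl x509 -req -days 365 -in "$dir/server.csr" \
        -signkey "$dir/server_nopass.key" -extfile "$dir/san.ext" \
        -out "$dir/server.crt" 2>/dev/null
}

# key_matches_cert KEY CRT: succeeds only if both hold the same public key
key_matches_cert() {
    k=$(openssl rsa -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# cert_covers_host CRT HOST: succeeds only if the certificate is valid for HOST
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Demo run in a scratch directory (constructed paths, removed afterwards).
demo() {
    tmp=$(mktemp -d) || return 1
    make_selfsigned "$tmp" zhyongfeng.com &&
        key_matches_cert "$tmp/server_nopass.key" "$tmp/server.crt" &&
        cert_covers_host "$tmp/server.crt" zhyongfeng.com &&
        echo "key and certificate match and cover zhyongfeng.com"
    rc=$?
    rm -rf "$tmp"
    return $rc
}
demo
```

A mismatched pair makes Nginx refuse to start, so running key_matches_cert on the two files named in ssl_certificate and ssl_certificate_key catches the mistake before a reload.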



5. Compile .NET WebApi

UserController.cs

using System.Net;
using System.Net.Sockets;
using System.Web.Http;

namespace SSLWebApi.Controllers
{
    [RoutePrefix("api/User")]
    public class UserController : ApiController
    {
        /// <summary>
        /// Echo the posted message back to the caller
        /// </summary>
        /// <param name="msg">Message read from the request body</param>
        /// <returns>The message wrapped in a status string</returns>
        [HttpPost]
        [Route("PostMessage")]
        public string PostMessage([FromBody] string msg)
        {
            return string.Format("The current input message is: {0}", msg);
        }

        /// <summary>
        /// Report the IPv4 address of the machine that served the request,
        /// which shows which backend the load balancer selected
        /// </summary>
        [Route("GetMachine")]
        public string GetMachine()
        {
            string AddressIP = string.Empty;
            // Keep the last IPv4 address found for this host
            foreach (IPAddress _IPAddress in Dns.GetHostEntry(Dns.GetHostName()).AddressList)
            {
                if (_IPAddress.AddressFamily == AddressFamily.InterNetwork)
                {
                    AddressIP = _IPAddress.ToString();
                }
            }
            return string.Format("The current system IP is: {0}", AddressIP);
        }
    }
}

Install Microsoft.AspNet.WebApi.HelpPage

Register the HelpPage page:

Global.asax

using System.Web.Http;
using System.Web.Mvc;

namespace SSLWebApi
{
    public class WebApiApplication : System.Web.HttpApplication
    {
        protected void Application_Start()
        {
            // Register HelpPage
            AreaRegistration.RegisterAllAreas();
            GlobalConfiguration.Configure(WebApiConfig.Register);
        }
    }
}

After compilation, the result is as follows:

 

6. Deploy WebApi to 3 PCs in the LAN

Deploy WebApi to the following 3 PCs at 10.92.202.56

 

7. Nginx cluster configuration and setup

The load-balanced cluster is accessed through the custom domain name zhyongfeng.com on port 80. Open C:\Windows\System32\drivers\etc\hosts and add the following "local IP, custom domain name" entry:

10.93.85.66 zhyongfeng.com

Nginx's localhost configuration is as follows:

worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    # HTTPS server
    server {
        listen 443 ssl;
        server_name localhost;
        ssl_certificate server.crt;
        ssl_certificate_key server_nopass.key;
        location / {
            root html;
            index index.html index.htm;
        }
    }
}

Nginx cluster configuration (SSL terminates at Nginx; the proxy_pass to the upstream servers uses plain HTTP):

#user nobody;
worker_processes 1;
events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    #server {
    # listen 80;
    # server_name localhost;
    # location / {
    # root html;
    # index index.html index.htm;
    #}
    # error_page 500 502 503 504 /50x.html;
    # location = /50x.html {
    # root html;
    #}
    #}

    upstream zhyongfeng.com {
        server 10.92.202.56:560;
        server 10.92.202.57:570;
        server 10.92.202.58:580;
    }
    server {
        listen 80;
        server_name zhyongfeng.com;
        rewrite ^(.*)$ https://$host$1 permanent;
    }
    # HTTPS server
    ##
    server {
        listen 443 ssl;
        server_name zhyongfeng.com;
        ssl_certificate server.crt;
        ssl_certificate_key server_nopass.key;
    # ssl_session_cache shared:SSL:1m;
    # ssl_session_timeout 5m;
    # ssl_ciphers HIGH:!aNULL:!MD5;
    # ssl_prefer_server_ciphers on;
        location / {
            proxy_pass http://zhyongfeng.com;
        }
    }
}

Run CMD:

D:\DTLDownLoads\nginx-1.10.2> start nginx

D:\DTLDownLoads\nginx-1.10.2> nginx -s reload

8. Running results

Nginx localhost configuration running results:

Nginx cluster configuration operation results:

 

9. Summary

Nginx uses its SSL module to support HTTPS access to the WebApi, which increases access security. For the SSL module, please refer to the SSL module section of the Nginx Chinese documentation at http://www.nginx.cn/doc/. The WebApi relies on SSL-encrypted data transmission to ensure the security of communication. The functions of SSL include establishing a secure data channel between the server and the client, and the server's authentication of the client's identity (such as public and private keys).

 

Source code download:

http://download.csdn.net/download/ruby_matlab/10138057

 

PDF download:

WebApi microservice of SSL certificate for Nginx cluster.pdf
