Vincent. Windows Nginx Configuration SSL for HTTPS access (including certificate generation)
First, why implement HTTPS at all?
HTTP stands for Hypertext Transfer Protocol; the client uses it to obtain hypertext content from the server. Hypertext content is mainly HTML, which the client parses and renders according to the specification. HTTP is therefore primarily responsible for requesting and fetching content, and that is where the problem lies: monitoring, hijacking, blocking and similar behaviour on the network can easily leak what a website exchanges with its users. Developers will MD5 some key parameters, such as the login password, on the client, but passwords are not the only confidential information carried over the Internet; search content is sensitive too. Today Baidu, Google, GitHub and other sites have enabled HTTPS across the whole site. HTTPS is like a "lock" on the site: it encrypts the requests, which makes them more secure for users. Besides protecting their users, sites also protect their own interests, because it keeps their traffic from being hijacked. So in my opinion, one day HTTPS will be in use across the whole web.
Let's cut to the chase.
Description: This tutorial is for readers who have already configured a WNMP environment and set up virtual hosts for multiple sites. If you have not configured this yet, please refer to my previous article.
Implementing HTTPS first requires a certificate from a certificate authority; for this exercise we use OpenSSL to generate the certificate ourselves. First we need the OpenSSL software that generates the certificate.
Steps:
1. Install OpenSSL
Download: http://slproweb.com/products/Win32OpenSSL.html (choose the 32-bit or 64-bit version according to your system).
After the download is complete, install it. I installed it in the C:\wnmp\OpenSSL-Win64 folder.
2. Install ActivePerl (this software is used to parse .pl files; on some systems this tutorial also works without it, and installing it is useful for learning Perl).
Download: http://www.activestate.com/activeperl/downloads/ (download and install the Win32 or Win64 version according to your system).
3. Configure environment variables
Add the following to the system environment variables:
Variable name: OPENSSL_HOME Variable value: C:\wnmp\OpenSSL-Win64\bin; (the variable value is the OpenSSL installation location)
Add the following at the end of the Path variable: %OPENSSL_HOME%;
4. Generate a Certificate
(1) First create an ssl folder in the Nginx installation directory to hold the certificate. For example, my directory is C:\wnmp\nginx\ssl
Open a command prompt as an administrator and change to the ssl folder. The command is: cd C:/wnmp/nginx/ssl
(2) Create a private key
Run at the command line: openssl genrsa -des3 -out lee.key 1024 (the file name lee can be customized).
You are asked for a password; after entering it, enter it again to confirm. Remember this password, because it will be used later.
(3) Create a CSR (certificate signing request)
Run at the command line: openssl req -new -key lee.key -out lee.csr (the key file is the one just generated; lee is the custom file name)
After running the above command, you need to enter some information. The most important field is Common Name: the domain name entered here is the domain name that we want to access using HTTPS.
When the above steps are complete, two files appear in the ssl folder: lee.key and lee.csr.
(4) Remove the password.
When nginx loads its SSL configuration it uses the private key, so remove the password from the key; otherwise you will need to enter the password every time nginx starts.
Copy lee.key and rename the copy to lee.key.org
You can do this with the mouse, or with this command: copy lee.key lee.key.org
To remove the password, run this command at the command line: openssl rsa -in lee.key.org -out lee.key (lee is the custom file name)
This command asks for the password you just set.
(5) Generate a CRT certificate
Run this command at the command line: openssl x509 -req -days 365 -in lee.csr -signkey lee.key -out lee.crt (lee is the custom file name)
After the certificate is generated, the ssl folder contains 4 files (lee.crt, lee.csr, lee.key and lee.key.org); the ones we need are lee.crt and lee.key.
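Sub-steps (2) to (5) collapsed into one non-interactive run, followed by the checks worth making before nginx is pointed at the files. This is an added example, not part of the original tutorial; it goes beyond the text by using a 2048-bit key and adding a subjectAltName entry, which current browsers match the host name against instead of the Common Name. It assumes openssl.exe 1.1.1 or later is on PATH and that nginx runs as SYSTEM or an administrator account.

```powershell
# Added example (not from the original tutorial). Run in an elevated
# PowerShell prompt. Assumes openssl.exe 1.1.1+ on PATH (-addext, -ext).
$name   = 'lee'                    # file name prefix used in the tutorial
$domain = 'www.lee.com'            # must equal server_name in nginx.conf
$sslDir = 'C:\wnmp\nginx\ssl'      # tutorial's certificate folder

New-Item -ItemType Directory -Force -Path $sslDir | Out-Null
Set-Location $sslDir

# Unencrypted key (-nodes) so nginx starts without a passphrase prompt,
# self-signed for 365 days, with the host name in both CN and SAN.
openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 365 `
    -keyout "$name.key" -out "$name.crt" `
    -subj "/CN=$domain" -addext "subjectAltName=DNS:$domain"
if ($LASTEXITCODE -ne 0) { throw 'openssl req failed' }

# Check 1: certificate and key belong together (identical RSA modulus).
$certMod = openssl x509 -noout -modulus -in "$name.crt"
$keyMod  = openssl rsa  -noout -modulus -in "$name.key"
if ($certMod -ne $keyMod) { throw 'certificate and private key do not match' }

# Check 2: print what a client will see: subject, validity window, SAN.
openssl x509 -noout -subject -dates -ext subjectAltName -in "$name.crt"

# Check 3: the key is stored in the clear, so restrict who can read it.
# Remove inherited permissions, then grant access only to SYSTEM and the
# Administrators group (add the nginx service account if it differs).
icacls "$name.key" /inheritance:r /grant:r 'SYSTEM:R' 'Administrators:F'
icacls "$name.key"                 # show the resulting ACL
```

The last command should list only the two granted entries; any other account still shown there can read the private key.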
5. Modify the nginx.conf file
The nginx.conf file is located in: C:\wnmp\nginx\conf
Locate the following code in the file; this is the part to modify:
    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}
Modified to:
    # HTTPS server
    #
    #modify by Lee 20160907 for https -s
    server {
        listen       443 ssl;
        server_name  www.lee.com;

        # certificate and unencrypted private key generated in step 4
        ssl_certificate      C:/wnmp/nginx/ssl/lee.crt;
        ssl_certificate_key  C:/wnmp/nginx/ssl/lee.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            root   C:/wnmp/lee;
            index  index.html index.htm index.php;
        }

        # fastcgi_pass is only valid inside a location block
        location ~ \.php$ {
            root           C:/wnmp/lee;
            fastcgi_pass   127.0.0.1:9001;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }
    }
Restart Nginx.
In the browser, visit https://www.lee.com. You will see that the certificate is in use and that the site can be accessed successfully. (www.lee.com is the domain name entered for Common Name when generating the certificate.)
(For this step you need to have configured the virtual host and added an index.php default entry file to the www.lee.com site directory.)
The HTTPS in the address bar is marked in red because we are using a certificate that we generated ourselves, which the browser does not trust; if you want it to turn green, you need to apply to a certificate authority.
6. Add a redirect so that requests jump to HTTPS automatically.
In nginx.conf, add one line of code at the following location in the virtual host:
    listen       80;
    server_name  www.lee.com;
    #modify by Lee 20160907 for https redirect -s
    rewrite ^(.*) https://$server_name$1 permanent;
    #modify by Lee 20160907 for https redirect -e
Restart Nginx.
If you visit www.lee.com, you will find that the browser automatically jumps to https://www.lee.com and is able to access it successfully.
At this point, the HTTPS access configuration completes successfully.
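A local check of the HTTPS server block from step 5 and the redirect from step 6, as an added example that is not part of the original tutorial. It assumes the tutorial's paths and file names, nginx already running and listening on 127.0.0.1 ports 80 and 443, and openssl.exe and curl.exe (bundled with current Windows 10/11) on PATH; the probe path is constructed.

```powershell
# Added example (not from the original tutorial). Everything talks to
# 127.0.0.1, so no DNS lookup or hosts entry is involved.
$nginxDir = 'C:\wnmp\nginx'        # tutorial's install path
$domain   = 'www.lee.com'          # server_name / certificate Common Name
$probe    = '/check/path?x=1'      # constructed test path and query string
Set-Location $nginxDir

# 1. Let nginx parse the edited nginx.conf. This also loads lee.crt and
#    lee.key, so a wrong path or a directive in the wrong context fails here.
.\nginx.exe -t
if ($LASTEXITCODE -ne 0) { throw 'nginx -t reported an error in nginx.conf' }
.\nginx.exe -s reload              # nginx must already be running
Start-Sleep -Seconds 1             # give the new workers time to start

# 2. The certificate served on 443 must be the file generated in step 4.
$served = '' | openssl s_client -connect 127.0.0.1:443 -servername $domain 2>$null |
          openssl x509 -noout -fingerprint -sha256
$onDisk = openssl x509 -noout -fingerprint -sha256 -in "$nginxDir\ssl\lee.crt"
if ($served -ne $onDisk) { throw "nginx is not serving lee.crt for $domain" }

# 3. Port 80 must answer 301 and keep both the path and the query string.
$got  = curl.exe -s -o NUL -w '%{http_code} %{redirect_url}' `
            --resolve "${domain}:80:127.0.0.1" "http://$domain$probe"
$want = "301 https://$domain$probe"
if ($got -ne $want) { throw "unexpected redirect: '$got' (wanted '$want')" }

'OK: certificate and redirect behave as configured'
```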
If anything is unclear, or if there is a mistake, please feel free to leave a message.
Reference: http://blog.csdn.net/ztclx2010/article/details/6896336