Windows Nginx configuration SSL for HTTPS access (includes certificate generation)


Vincent. Windows Nginx Configuration SSL for HTTPS access (including certificate generation)


First, a word on why HTTPS is used.

HTTP stands for Hypertext Transfer Protocol; it is how a client obtains hypertext content from a server. Hypertext content is mainly HTML, and once the client receives the HTML it parses and renders it according to the specification. HTTP is therefore mainly responsible for requesting and fetching content, and that is where the problem lies: monitoring, hijacking, blocking and similar behavior can easily leak a site's data. Developers will MD5-hash some key parameters, such as the login password, on the client, but passwords are far from the only confidential information carried over the Internet; search queries are sensitive too. Today Baidu, Google, GitHub and other sites have enabled HTTPS site-wide. HTTPS is like a lock on the site: it encrypts requests, which makes things more secure for users. For the site itself, besides protecting its users' interests, HTTPS also keeps its own traffic from being hijacked, which protects its own interests. So in my opinion, one day HTTPS will be universal across the whole web.

Let's get down to business.

Note: this tutorial is for readers who have already set up a WNMP environment and configured virtual hosts to serve multiple sites. If you have not, please refer to my previous article for that configuration.

Implementing HTTPS normally requires a certificate issued by a certificate authority; for the purpose of this exercise we generate the certificate ourselves with OpenSSL. So the first thing we need is the OpenSSL software that generates the certificate.

Steps:

1. Install OpenSSL

Download: http://slproweb.com/products/Win32OpenSSL.html (choose the 32-bit or 64-bit version to match your system).

After the download is complete, install it. I installed it in the C:\wnmp\OpenSSL-Win64 folder.

2. Install ActivePerl (this software is used to run .pl files; on some systems this tutorial works without it, and it is installed here mainly for learning Perl).

Download: http://www.activestate.com/activeperl/downloads/ (choose the Win32 or Win64 version to match your system).

3. Configure Environment variables

Add a new environment variable:

Variable name: OPENSSL_HOME    Variable value: C:\wnmp\OpenSSL-Win64\bin; (the variable value is the OpenSSL installation location)

Append the following to the end of the Path variable: %OPENSSL_HOME%;

4. Generate a Certificate

(1) First create an SSL folder in the Nginx installation directory to hold the certificate. For example, my file directory is C:\wnmp\nginx\ssl

Open a command prompt as administrator and change to the ssl folder. The command is: cd C:/wnmp/nginx/ssl

(2) Create a private key

Run this command at the command line: openssl genrsa -des3 -out lee.key 1024 (the file name lee can be customized; 1024 is the key length in bits)

You are asked for a passphrase and then asked to enter it again to confirm. Remember this passphrase; it will be used later.

(3) Create a CSR certificate

Run this command at the command line: openssl req -new -key lee.key -out lee.csr (the key file is the file just generated; lee is the custom file name)

After running the above command, you need to enter some information. The most important field is Common Name: the domain name entered here is the domain name that we want to access over HTTPS.

When the above steps are complete, two files appear in the ssl folder: lee.key and lee.csr.

(4) Remove the password.

When Nginx loads the private key for SSL, the passphrase has to be removed from the key; otherwise you will need to enter the passphrase every time Nginx starts.

Copy lee.key and name the copy lee.key.org.

You can do this with the mouse, or with this command: copy lee.key lee.key.org

To remove the passphrase, run this command at the command line: openssl rsa -in lee.key.org -out lee.key (lee is the custom file name)

This command asks for the passphrase you just set.

(5) Generating a CRT certificate

Run this command at the command line: openssl x509 -req -days 365 -in lee.csr -signkey lee.key -out lee.crt (lee is the custom file name)

After the certificate is generated, the ssl folder contains 4 files (lee.key, lee.key.org, lee.csr and lee.crt); the two we need are lee.crt and lee.key.
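Steps (2) to (5) above as one non-interactive script, followed by a check of the result before Nginx is pointed at the files. This is an added example, not the original author's code. It assumes a POSIX shell with openssl on the PATH, a constructed passphrase, a temporary working folder, and a 2048-bit key (today's usual minimum for RSA) in place of the key size used in step (2).

```bash
# Added example: function names, passphrase and working folder are assumptions.

make_cert() {            # $1 = output folder, $2 = Common Name
    dir=$1 cn=$2
    pass='constructed-passphrase'      # sample value, not from the page
    # (2) private key, encrypted with the passphrase
    openssl genrsa -des3 -passout "pass:$pass" -out "$dir/lee.key" 2048 2>/dev/null || return 1
    # (3) CSR; -subj supplies the Common Name instead of the interactive prompts
    openssl req -new -key "$dir/lee.key" -passin "pass:$pass" \
        -subj "/CN=$cn" -out "$dir/lee.csr" 2>/dev/null || return 1
    # (4) keep the encrypted key as lee.key.org, write an unencrypted lee.key
    cp "$dir/lee.key" "$dir/lee.key.org" || return 1
    openssl rsa -in "$dir/lee.key.org" -passin "pass:$pass" \
        -out "$dir/lee.key" 2>/dev/null || return 1
    # (5) self-signed certificate, valid for 365 days
    openssl x509 -req -days 365 -in "$dir/lee.csr" -signkey "$dir/lee.key" \
        -out "$dir/lee.crt" 2>/dev/null || return 1
}

check_pair() {           # $1 = folder, $2 = expected Common Name
    dir=$1 cn=$2
    # Nginx would ask for the passphrase at startup if the key were still encrypted
    if grep -Eq '^(-----BEGIN ENCRYPTED|Proc-Type: 4,ENCRYPTED)' "$dir/lee.key"; then
        echo "lee.key is still passphrase-protected"; return 1
    fi
    # the certificate must carry the public half of this private key
    key_mod=$(openssl rsa  -noout -modulus -in "$dir/lee.key") || return 1
    crt_mod=$(openssl x509 -noout -modulus -in "$dir/lee.crt") || return 1
    [ "$key_mod" = "$crt_mod" ] || { echo "key and certificate do not match"; return 1; }
    # substring match, because the -subject output format differs between OpenSSL versions
    openssl x509 -noout -subject -in "$dir/lee.crt" | grep -qF "$cn" \
        || { echo "certificate is not for $cn"; return 1; }
    echo "ok"
}

work=$(mktemp -d)        # throwaway folder standing in for C:\wnmp\nginx\ssl
make_cert "$work" www.lee.com && check_pair "$work" www.lee.com
```

Once the passphrase is removed, lee.key is protected only by file permissions, so limit who can read the ssl folder.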

      

5. Modify the nginx.conf file

The nginx.conf file is located in: C:\wnmp\nginx\conf

Find the following block in the file; this is the part to modify:

    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

Change it to:

    # HTTPS server
    #
    #modify by Lee 20160907 for https -s
    server {
        listen       443 ssl;
        server_name  www.lee.com;

        ssl_certificate      c:/wnmp/nginx/ssl/lee.crt;
        ssl_certificate_key  C:/wnmp/nginx/ssl/lee.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            root   c:/wnmp/lee;
            index  index.html index.htm index.php;
        }

        # pass PHP scripts to the FastCGI server on 127.0.0.1:9001
        location ~ \.php$ {
            root           C:/wnmp/lee;
            fastcgi_pass   127.0.0.1:9001;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }
    }

Restart Nginx.

Open https://www.lee.com in the browser. You will see that certificate authentication takes place and the site can be accessed successfully. (www.lee.com is the domain name entered as the Common Name when generating the certificate.)

(For this step you need to have configured the virtual host and added an index.php default entry file to the www.lee.com site directory.)

The https in the address bar is marked in red because we are using a certificate that we generated ourselves, which the browser does not trust. If you want it to turn green, you need to apply to a certificate authority for a certificate.

6. Add a redirect so that visitors are sent to HTTPS automatically.

In nginx.conf, add one line (the rewrite rule) at the following position in the virtual host:

    listen       80;
    server_name  www.lee.com;
    #modify by Lee 20160907 for https redirect -s
    rewrite ^(.*) https://$server_name$1 permanent;
    #modify by Lee 20160907 for https redirect -e

Restart Nginx.

When you visit www.lee.com, you will find that the browser automatically jumps to https://www.lee.com and the site can be accessed successfully.

At this point, the HTTPS access configuration is complete.

If anything is unclear, or if you find a mistake, please feel free to leave a message.

Reference: http://blog.csdn.net/ztclx2010/article/details/6896336

 
