Province Name (full name) []:tao
Locality Name (eg, city) [Default City]:xie
Organization Name (eg, company) [Default Company Ltd]:lin
Organizational Unit Name (eg, section) []:apa
Common Name (eg, your name or your server's hostname) []:dfd
Email Address []:adming
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:szyino-123
An optional company name []:fdaf
Note: Because this certificate is self-issued, the information can be filled in
commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem # The private key
RANDFILE = $dir/private/.rand # private random number file
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = CN
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = FJ
localityName = Locality Name (eg, city)
localityName_default = FZ
0.organizationName = Organization Name (
, encrypted with the negotiated encryption algorithm to ensure that the data is intact and not tampered with;
Generate an SSL key pair
The SSL certificate used by a normal HTTPS website has to be purchased; for this experiment we only need to generate one ourselves, but it cannot be circulated on the network;
Download the OpenSSL software
yum install -y openssl
Enter the key pair directory
Set secret key to pre
= $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem # The private key
RANDFILE = $dir/private/.rand # private random number file
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = CN
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = FJ
localityName = Locality Name (eg, city)
localityName_default = FZ
0.organizationName = Organization Name (eg, company)
0.organ
Official reference documentation, including the SSL configuration for Apache, Nginx, and IIS: http://www.wosign.com/Docdownload/
Instance one: configure HTTP to forward to HTTPS. A virtual host has two servers; some content is replaced with * *.
NGX01 (10.66.**.**), Ngx02 (10.66.**.**)
1. Add the Sslkey folder in /etc/nginx, import the
. One-way server Verification
Create and enter the sslkey storage directory
# mkdir /opt/nginx/sslkey
# cd /opt/nginx/sslkey
① Generate an RSA key:
# openssl genrsa -out key.pem 2048
② Generate a certificate request
# openssl req -new -key key.pem -out cert.csr
# // The system will prompt you to enter the province, city, domain name information, etc. What's important is that email must be your domain name suff
Environment Introduction
1. Nginx server: 10.10.54.157
2. Configure the Nginx server so that when it receives a client request for www.zijian.com:80, it forwards the request to the web server at 10.10.54.150:1500
3. Configure Nginx server to support SSL encrypted transport protocol
Generate the required certificate file for
This article shows you how to set up stronger SSL on an Nginx web server. We do this by disabling SSL compression to mitigate the CRIME attack, by not using the vulnerable SSLv3 and earlier protocol versions, and by setting up a stronger cipher suite that enables forward secrecy where possible. We also enable HSTS and HP
-error.log;
### SSL cert files ###
ssl_certificate ssl/nixcraft.in.crt;
ssl_certificate_key ssl/nixcraft.in.key;
### Add SSL specific settings here ###
keepalive_timeout 60;
### Limiting Ciphers ########################
# Uncomment as per your setup
#ssl_ciphers HIGH:!ADH;
#ssl_perfe
Nginx is a high-performance HTTP server, but also an efficient reverse proxy server. Unlike traditional servers, Nginx is an event-based asynchronous architecture with little memory footprint but good performance. If your Web application is based on Node.js, it is recommended that you consider using Nginx as a reverse proxy, because
This article uses Nginx and MySQL together with GitLab to provide web management, data storage and so on. The difficulty of the configuration lies mainly in modifying the GitLab scripts, the SSH key connection, the Nginx SSL certificate and so on; the author also spent a great deal of effort, combined with clues from a lot of documents and many foreigner
This article mainly introduces a quick Nginx SSL two-way authentication configuration (script). It has some reference value and is shared here for anyone who needs it.
A current project has security requirements that allow access only to individual users. Following the principle that anything solvable by configuration should not be solved with code, the
Configuring SSL in Nginx is very simple, whether you buy an SSL certificate from a certification authority or use a self-signed certificate, but a recent company OA requirement gave me the chance to actually work through it. At first, with full-site encryption, all HTTP:80 requests were redirected (rewrite) to HTTPS, and then the automated test results said that the response sp
certification authority, and when your domain name or organization is validated, the certification authority will issue you an example_com.crt
example_com.key is used in the Nginx configuration together with example_com.crt; it must be kept safe and not leaked to any third party.
Third, configure an HTTPS website in Nginx and add security configuration
As mentioned earlier, you will n
Enabling and optimizing the SSL feature in Nginx: reading this is enough.
One: Enable the Nginx SSL module
1.1 If the Nginx SSL module is not enabled, an error is reported when configuring HTTPS
GitLab is an open-source project management program developed with Ruby on Rails. It provides access to public or private projects through a web interface. Like GitHub, it lets you browse source code, manage defects, and annotate.
This article uses Nginx and MySQL together with GitLab to provide web management, data storage and so on. The difficulty of the configuration lies mainly in modifying the GitLab scripts, SSH