Configuring Nginx on Windows with an SSL certificate to implement an HTTPS reverse proxy

An Nginx reverse proxy receives requests on behalf of other servers and forwards them to those servers.

For example, the Nginx server is 100.101.102.103 and service A is 100.101.102.104. Through the Nginx configuration file, the Nginx server can receive requests intended for service A and then forward them to service A.

With an SSL certificate configured, Nginx can receive HTTPS requests and then forward them to service A over HTTP.

Or, through the Nginx configuration, an HTTP request can be received, forced to be converted into an HTTPS request, and forwarded to service A.

Nginx can proxy multiple services.

This article uses a Windows server, and the SSL certificate is a free certificate from Tencent Cloud (detailed steps below).

1. Install Nginx

Nginx download official website address: http://nginx.org/en/download.html

Version 1.18.0 is used this time.

 

 

After downloading, unzip the archive to a location of your choice.

Then open a command window in that directory (you can type cmd in the folder's address bar).

Type nginx.exe and press Enter; an error is reported:

nginx: [emerg] CreateDirectory() "E:\tools\Nginx\nginx-1.18.0/temp/client_body_temp" failed (3: The system cannot find the path specified)

The reason is that the temp folder does not exist in the nginx directory. Create it manually.

Restart the browser and enter localhost to open the nginx page; the installation is successful!

 

 

2. Request an SSL certificate

Tencent Cloud offers free SSL certificates for domain names.

Note the tip shown during the application: only one second-level domain name or subdomain name can be bound, such as tencent.com, cloud.tencent.com, dnspod.cloud.tencent.com.

In other words, one SSL application can bind only one domain name, but you can apply many times to bind the second-level domain names or subdomain names of that domain.

You can bind the domain name, second-level domain name or subdomain name as needed. For example, the domain name bound to the SSL certificate we applied for is test.com.

The next step is to add a DNS record at the provider where the domain name is hosted, using the parameters given by Tencent Cloud, to prove your right to use the domain name.

 

 

 

For example, my domain name is on Meicheng Internet, address: https://www.cndns.com

 

 

You need to add a record in the domain name resolution settings: for the host name, fill in the host record field provided by Tencent Cloud; for the record type, select TXT; for the record value, fill in the record value field provided by Tencent Cloud.

Then save and wait for it to take effect, usually within one and a half hours, and then wait for Tencent Cloud to issue the certificate.

Download the certificate file from the certificate details page.

 

3. Configure the SSL certificate in Nginx to implement the HTTPS proxy

The proxy receives the HTTPS request and forwards it to the HTTP interface of another service.

(For example, service A is on 100.101.102.104:8080 and only allows HTTP access. The Nginx service is on 100.101.102.103:8080. Configuring the SSL certificate in Nginx lets it accept requests on an HTTPS interface and then proxy them to service A as HTTP requests.)

Put the two files test.com.key and test.com_bundle.crt in the conf directory under the nginx installation directory (together with nginx.conf).

Modify the nginx.conf configuration file:

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;

    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       81;
        server_name  test.com;

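        # Redirect HTTP to HTTPS. No port is given, so the target is the default 443,
        # while the HTTPS server below listens on 8080.
        return 301 https://$host$request_uri;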
        
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

    # HTTPS server
    #
    server {
        listen       8080 ssl; # Port used by nginx
        server_name  test.com; # Domain name bound by SSL certificate

        ssl_certificate      test.com_bundle.crt;
        ssl_certificate_key  test.com.key;
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers  on;

        location / {
            proxy_pass http://100.101.102.104:8080; # Address of service A that requests are forwarded to
            # Note: browsers reject credentialed cross-origin requests when Allow-Origin is '*'
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Credentials' 'true';
        }
    }
}
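A tightened variant of the two server blocks above, added here as an example and not part of the original article's file. It keeps the article's ports, addresses and certificate file names, assumes an RSA certificate, and uses https://app.test.com as a placeholder for the one front-end origin allowed to send credentialed requests.

```nginx
# Added example: goes inside the http { } block of nginx.conf.
server {
    listen       81;
    server_name  test.com;

    # The HTTPS listener below is on 8080, not the default 443, so the
    # redirect names the port. Drop ":8080" if port 443 is mapped to it.
    return 301 https://$host:8080$request_uri;
}

server {
    listen       8080 ssl;
    server_name  test.com;

    ssl_certificate      test.com_bundle.crt;
    ssl_certificate_key  test.com.key;

    # nginx 1.18 enables TLSv1 and TLSv1.1 by default; allow only 1.2 and 1.3
    # (TLSv1.3 takes effect only when nginx is built with OpenSSL 1.1.1+).
    ssl_protocols        TLSv1.2 TLSv1.3;
    # Forward-secret AEAD suites only (assumes an RSA certificate),
    # instead of the broad HIGH group.
    ssl_ciphers          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    location / {
        proxy_pass http://100.101.102.104:8080;   # service A, plain HTTP

        # Service A only sees the proxy's connection; pass on the original
        # host, client address and scheme so it can log and build URLs.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Browsers reject credentialed requests when Allow-Origin is "*",
        # so name the one origin that may send cookies (placeholder value).
        add_header 'Access-Control-Allow-Origin'      'https://app.test.com' always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
    }
}
```

Check the file with nginx -t before reloading it with nginx -s reload.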

Restart nginx or reload the nginx configuration file.

Test:

For example, service A has an interface: http://100.101.102.104:8080/login/index

Then test https://test.com/login/index

and check that it returns the same result as accessing http://100.101.102.104:8080/login/index directly.

Keywords: Nginx SSL https

Added by Phate on Thu, 27 Jan 2022 05:05:53 +0200