Shulou(Shulou.com)06/02 Report--

Preface

Previously, when adding https to the company's application, it was configured on nginx, which does not require additional development of node, but the developers in the group have not been configured locally and have been developed and tested in the way of http. Recently, it has been found that some case needs to be reproduced by https. For example, in app above Android 5.0, websites using https to access the content of http will prevent access. When testing this problem, you need a local https environment. So I spent some time learning the construction of the local https, and record it here. There is no more to say below, let's take a look at the detailed introduction.

Generate a certificate

A locally developed certificate can be generated on its own, and a simple certificate can be generated by the following steps:

First, go to the directory where you want to create the certificate and private key, for example:

$cd / usr/local/nginx/conf

Create the server private key, and the command will ask you to enter a password:

$openssl genrsa-des3-out server.key 1024

Create the certificate to sign the request (CSR):

$openssl req-new-key server.key-out server.csr

Configure https

The https configuration of nginx is very simple, which is to listen on port 443 and add the relevant ssl configuration.

Server {listen 80; listen 443; ssl on; ssl_certificate ssl/server.crt; ssl_certificate_key ssl/server.key;}

After configuring your own upstream and location, you can use https to access it.

I stepped on a hole here, because the domain name I need to add https is equipped with a virtual host, but my ssh is not added to the virtual host, so I can't access it at first, so I learned how to check the problem of nginx.

Make sure it's not the browser, it's the nginx configuration.

Wget local.xxx.com okwget local.xxx.com:443 cant receive

Then check it out that nginx has two kinds of logs, access log and error log.

The access log log records which users, which pages, as well as user browsers, ip, and other access information, and error log records server error logs.

I checked nginx's access.log without log first, and then checked nginx's error.log to find an error.

14:07:10 on 2017-04-18 [error] 186140: * 168168.2.1 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 192.168.2.1, server: 0.0.0.0pur4432017Unip 04max 18 14:07:10 [error] 186140,169 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 192.168.2.1, server: 0.0.0.0443

Finally, it is found that there is no ssh in the virtual host.

Unable to access using http

Careful friends may have seen that there is something wrong with this configuration, because ssl:on is enabled, resulting in an error when using http to access.

The plain HTTP request was sent to HTTPS port

Subsequently, the line ssl:on was deleted, and the listening on port 443 was modified.

Listen 443 ssl

Problems with mac trust certificates

After configuring https, mac always shows that the certificate is not trusted when it is opened with chrome. You need to click OK to proceed, and the static resources of my https cannot be accessed. You can use safari to open the page and click Trust.

Summary

The above is the whole content of this article, I hope that the content of this article has a certain reference and learning value for your study or work, if you have any questions, you can leave a message and exchange, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.