Installing and configuring one-way authentication in Nginx

  • 2020-05-09 19:51:25
  • OfStack

First, make sure openssl is installed on the system. The following steps and scripts use openssl to install and configure one-way authentication:


#--------------------------------------------------------
# One-way authentication means the transmitted data is encrypted, but the client's identity is not verified.
# It is a single SSL connection in which only the client validates the server certificate.
#--------------------------------------------------------

# Create a storage path
rm -rf /usr/local/nginx/ca.1way
mkdir -p /usr/local/nginx/ca.1way/
cd /usr/local/nginx/ca.1way/

# Create the server private key (an RSA key; the process asks for a pass phrase, remember it)
/usr/local/openssl/bin/openssl genrsa -des3 -out server.key 2048
#------------------------------------------------------------------
Enter pass phrase for server.key: zhoulf123
Verifying - Enter pass phrase for server.key: zhoulf123
#------------------------------------------------------------------

# Generate a certificate signing request (CSR)
/usr/local/openssl/bin/openssl req -new -key server.key -out server.csr
#---------------------------------------------------------------------------------------------------------------
Enter pass phrase for server.key: zhoulf123
Country Name (2 letter code) [XX]: CN                                           # Country
State or Province Name (full name) []: BEIJING                                  # Region or province
Locality Name (eg, city) [Default City]: BEIJING                                # City
Organization Name (eg, company) [Default Company Ltd]: Navinfo Co.,Ltd          # Organization name: fill in the company name
Organizational Unit Name (eg, section) []: GIS                                  # Organizational unit: department name
Common Name (eg, your name or your server's hostname) []: vw.test.zhoulf.com    # Website domain name
Email Address []: xxxxxx@163.com                                                # Email address
A challenge password []:                                                        # Enter a password
An optional company name []:                                                    # An optional company name
#---------------------------------------------------------------------------------------------------------------
# Once you have entered this, server.csr is generated in the current directory

# Keep a copy of the protected key, then remove the pass phrase so that Nginx with SSL enabled can start without prompting for it
# (server.key is unencrypted after this step; keep it readable only by the account that starts Nginx)
cp server.key server.key.org
/usr/local/openssl/bin/openssl rsa -in server.key.org -out server.key
#---------------------------------
Enter pass phrase for server.key.org: zhoulf123
#---------------------------------

# Use the key and the CSR above to sign the certificate (self-signed, valid for 365 days)
/usr/local/openssl/bin/openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Modify the nginx.conf file and add the HTTPS configuration:


#--------------------------------------------------------
# HTTPS server
server {
 listen 443 ssl;                 # "ssl on;" is deprecated; enable TLS on the listen directive
 server_name localhost;

 # Same directory the key and certificate were created in above
 ssl_certificate      /usr/local/nginx/ca.1way/server.crt;
 ssl_certificate_key  /usr/local/nginx/ca.1way/server.key;

 ssl_session_timeout 5m;
 ssl_protocols TLSv1.2 TLSv1.3;  # SSLv2, SSLv3 and TLSv1 are obsolete and insecure; TLSv1.3 needs OpenSSL 1.1.1 or later
 ssl_ciphers HIGH:!aNULL:!MD5;   # no export-grade, low-strength, RC4 or anonymous suites
 ssl_prefer_server_ciphers on;

 location / {
  root /var/www/html;
  index index.html index.htm;
 }
}
#--------------------------------------------------------

Once configured, restart nginx and open the website over https. Because the certificate is self-signed, the browser will report a certificate error; click to continue browsing.
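
A check for the TLS directives of an HTTPS server block like the one above, added here as an example (it is not part of the original article): it flags obsolete protocol versions, weak cipher classes requested by an OpenSSL cipher string, and the deprecated `ssl on;` directive. The function names and both sample configurations are constructed for illustration.

```python
import re

LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CLASSES = ("aNULL", "EXP", "LOW", "RC4", "MD5")  # OpenSSL cipher-string keywords

def directives(conf):
    """Yield (name, args) for each nginx directive, with '#' comments stripped."""
    for stmt in re.split(r"[;{}]", re.sub(r"#[^\n]*", "", conf)):
        words = stmt.split()
        if words:
            yield words[0], words[1:]

def weak_cipher_classes(cipher_string):
    """Weak classes an OpenSSL cipher string asks for and never bans with '!'."""
    enabled, banned = set(), set()
    for token in cipher_string.split(":"):
        if token.startswith("!"):
            banned.add(token[1:])            # '!X' removes X permanently
        elif token.startswith(("+", "-")):
            continue                         # '+X' only reorders, '-X' only removes
        elif token == "ALL":
            enabled.update(WEAK_CLASSES)     # ALL selects every suite except eNULL
        else:                                # 'RC4+RSA' means RC4 AND RSA
            enabled.update(p for p in token.split("+") if p in WEAK_CLASSES)
    return sorted(enabled - banned)

def audit_tls(conf):
    """Return findings for the TLS directives of an nginx config given as text."""
    findings = []
    for name, args in directives(conf):
        if name == "ssl" and args == ["on"]:
            findings.append("ssl on: deprecated, use 'listen 443 ssl;'")
        elif name == "ssl_protocols":
            findings += [f"ssl_protocols: legacy {p}" for p in args if p in LEGACY_PROTOCOLS]
        elif name == "ssl_ciphers":
            findings += [f"ssl_ciphers: allows {c}" for c in weak_cipher_classes("".join(args))]
    return findings

# Constructed sample inputs (not read from any real server).
LEGACY = """server { listen 443; ssl on;
  ssl_protocols SSLv2 SSLv3 TLSv1;   # obsolete versions
  ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; }"""
HARDENED = """server { listen 443 ssl;
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers HIGH:!aNULL:!MD5; }"""

if __name__ == "__main__":
    for label, conf in (("legacy", LEGACY), ("hardened", HARDENED)):
        print(label, audit_tls(conf) or "no findings")
```

The check reads only the configuration text; which suites a server actually offers also depends on the OpenSSL build Nginx is linked against.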

