How to configure SSL access locally on Nginx

1. Configuration steps

1.1 Generate certificate

keytool -genkey -v -alias nginx -keyalg RSA -keystore nginx.keystore -validity 36500

alias alias is nginx

keystore file For nginx.keystore

validity is valid for 36500 days

Follow the above figure to help us generate the nginx.keystore file

1.2 Convert certificate format

JKS2PFX.bat nginx.keystore 123456 nginx exportfile .

This JKS2PFX.bat is a tool, the download address is

nginx.keystore, which is the file we just generated

123456 is the password we just generated the nginx.keystore file and set

nginx is the alias we just set

exportfile is the file name we want to generate

., the directory where the ssl certificate is generated, indicating the current folder

运行方式：
JKS2PFX.bat <KeyStore文件> <KeyStore密码> <Alias别名> <导出文件名> [目录]

The conversion will generate:

We will copy the exportfile.crt and exportfile.key files to the ssl directory of nginx's conf

1.3 Configure nginx

server {
    listen 443 ssl;
    server_name localhost;
    ssl_certificate ssl/exportfile.crt;
    ssl_certificate_key ssl/exportfile.key; 
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m; 
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_set_header Host       $host;
        proxy_pass http://localhost/;
    }
}

After configuration, use nginx -s reload to restart.

This configuration supports http and https at the same time

means that sslhas been configured

1.4 Note

nginx needs to support ssl. If it does not support it, you need to add a security module.

• with-http_ssl_module: ssl module, if not, you can install it yourself

The above is the detailed content of How to configure SSL access locally on Nginx. For more information, please follow other related articles on the PHP Chinese website!