
Foreword

Without further ado: this article uses OpenSSL, an open-source tool, to obtain a certificate for free and turn your HTTP access into HTTPS.

Some time ago, while setting up the official Kubernetes (k8s) Dashboard, I ran into a problem: the dashboard must be accessed over HTTPS, otherwise you cannot get in. That is a real pain. It is only a small back-end console, yet I still have to get a certificate for it, because, as you know, HTTPS access requires a certificate.

That is where OpenSSL comes in. It is an open-source software toolkit that can generate a set of certificate files, which are then served through Nginx.

Hands-on

First, note that everything in this article is run in a Linux environment.

1. Create the server certificate key file server.key

openssl genrsa -des3 -out server.key 2048

In this command, -des3 is the algorithm used to encrypt the key file with a password (for confidentiality), 2048 is the key strength in bits, server.key is the name of the key file, and -out specifies the path and name of the generated file.

As shown in the screenshot below, the part in the red box prompts for a password. It is required and will be used later.

2. Create the server certificate signing request file server.csr

openssl req -new -key server.key -out server.csr

You will be asked for the following (the text in parentheses explains what to enter):

    Enter pass phrase for server.key: (enter the password created earlier)
    Country Name (2 letter code) [AU]:CN
    State or Province Name (full name) [Some-State]:
    Locality Name (eg, city) []:BeiJing (full name of the city, in pinyin)
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Yvioo
    Organizational Unit Name (eg, section) []: (unit name; may be left blank)
    Common Name (eg, YOUR name) []: (enter your name)
    Email Address []:admin@mycompany.com

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []: (optional)
    An optional company name []: (optional)

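3. Remove the password from the key file

Back up the encrypted key as server.key.org first, then write a decrypted copy to server.key, so that Nginx does not ask for the password every time it starts:

cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

You will be asked for the same password that you entered at the beginning.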

4. Generate the certificate file server.crt

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Finally, three files (CRT, CSR and key) are obtained, as shown in the figure above.
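The four steps above can be scripted and the result checked before Nginx is pointed at it. The following is an added example, not code from the original article: make_demo_pair and check_pair are hypothetical helper names, and the password, subject and temporary directory are constructed demo values.

```shell
#!/bin/sh
# Added example. Password, subject and directory are constructed demo values.

make_demo_pair() {            # $1 = output directory; steps 1-4, non-interactive
    d=$1; pass='pass:demo-pass'
    {
        openssl genrsa -des3 -passout "$pass" -out "$d/server.key.org" 2048 &&
        openssl req -new -key "$d/server.key.org" -passin "$pass" \
            -subj '/C=CN/L=BeiJing/O=Yvioo/CN=dashboard.example.test' \
            -out "$d/server.csr" &&
        openssl rsa -in "$d/server.key.org" -passin "$pass" -out "$d/server.key" &&
        chmod 600 "$d/server.key" &&
        openssl x509 -req -days 365 -in "$d/server.csr" \
            -signkey "$d/server.key" -out "$d/server.crt"
    } >/dev/null 2>&1
}

check_pair() {                # $1 = certificate, $2 = private key
    cert=$1; key=$2
    # A key that still has its password makes nginx prompt at every start.
    if grep -q 'ENCRYPTED' "$key"; then echo 'key-encrypted'; return 1; fi
    # Once decrypted, the key is protected only by its file permissions.
    case $(ls -l "$key") in
        -???------*) ;;
        *) echo 'key-readable-by-others'; return 1 ;;
    esac
    # Certificate and key belong together only if their public keys are equal.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo 'bad-cert'; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo 'bad-key'; return 1; }
    [ "$cert_pub" = "$key_pub" ] || { echo 'mismatch'; return 1; }
    # -checkend 0 exits non-zero when the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo 'expired'; return 1; }
    echo 'ok'
}

demo_dir=$(mktemp -d)
make_demo_pair "$demo_dir" && check_pair "$demo_dir/server.crt" "$demo_dir/server.key"
```

Running check_pair against server.key.org instead of server.key reports key-encrypted, which is the state step 3 removes.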

OK, that is the end of the steps for generating a certificate with OpenSSL. Super simple, isn't it? Next, let's look at the Nginx configuration.

Configuring the certificate in Nginx

Many people will already be familiar with this step: just configure the location of the certificate and key, and that's it.


    server {
        listen 443 ssl;
        server_name xx.xxx.xxx.xx;

        # Certificate and private key generated in the steps above
        ssl_certificate     /etc/nginx/key/server.crt;
        ssl_certificate_key /etc/nginx/key/server.key;

        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        # Forward /kube/ to the Dashboard service
        location /kube/ {
            proxy_pass https://11.100.5.204:32001/;
        }
    }

Next, restart Nginx and access the site over HTTPS:

Access successful. This is the login page of the Dashboard management platform.

OK, that's all for today's bit of knowledge. See you next time.
