Preface
Without further ado: this article uses OpenSSL, a powerful open source tool, to generate a self-signed certificate for free and turn your HTTP access into HTTPS.
Some time ago, while setting up the official Kubernetes Dashboard, I ran into a problem: the dashboard must be accessed over HTTPS, otherwise you cannot get in. That was a real pain. It is only a small admin backend, yet it still needs a certificate, because HTTPS access always requires one.
That is where OpenSSL comes in. It is an open source software toolkit that can generate a set of certificate files, which are then configured in Nginx.
Step by step
First, note that the commands in this article are run in a Linux environment.
1. Create the server certificate key file server.key
openssl genrsa -des3 -out server.key 2048
In the command above, -des3 encrypts the private key with Triple DES under a pass phrase (for confidentiality), 2048 is the RSA key length in bits, and -out gives the path and name of the generated file; server.key is the name of the key file.
You will be prompted for a pass phrase. It is required and will be used later.
2. Create the server certificate application file server.csr
openssl req -new -key server.key -out server.csr
You will be asked for the following (the text in parentheses explains what to enter):
Enter pass phrase for root.key: (enter the password created earlier)
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:BeiJing (full name of the city, in Pinyin)
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Yvioo
Organizational Unit Name (eg, section) []: (unit name; may be left blank)
Common Name (eg, YOUR name) []: (enter your name)
Email Address []:admin@mycompany.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: (optional)
An optional company name []: (optional)
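3. Remove the pass phrase from the key file
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
The encrypted key is first copied to server.key.org, because the second command reads from that file. It will ask you to enter the same password that you entered at the beginning.
4. Generate the certificate file server.crt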
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Finally, three files are obtained: server.crt, server.csr and server.key.
OK, that is the end of generating a certificate with OpenSSL. Simple, isn't it? Next, let's look at the Nginx configuration.
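The four steps above as a script without prompts, followed by checks worth running before the files are handed to nginx. This is an added example, not code from the original article; the function names, the pass phrase, the subject and the scratch directory are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Pass phrase, subject and
# scratch directory are constructed sample values.

# Steps 1-4 without prompts. $1 = output directory, $2 = certificate subject.
# The pass phrase is read from the KEY_PASS environment variable so that it
# does not appear in the process list.
make_cert() {
    ( cd "$1" || exit 1
      umask 077    # every file created here is readable by its owner only
      openssl genrsa -des3 -passout env:KEY_PASS -out server.key 2048 2>/dev/null &&
      openssl req -new -key server.key -passin env:KEY_PASS -subj "$2" -out server.csr &&
      cp server.key server.key.org &&
      openssl rsa -in server.key.org -passin env:KEY_PASS -out server.key 2>/dev/null &&
      openssl x509 -req -days 365 -in server.csr -signkey server.key \
              -out server.crt 2>/dev/null )
}

# True when the PEM key file is pass-phrase protected.
key_is_encrypted() { grep -q ENCRYPTED "$1"; }

# True when key and certificate carry the same RSA modulus, i.e. nginx can
# load them as a pair. An empty -passin makes an encrypted key fail, not prompt.
key_matches_cert() {
    k=$(openssl rsa -noout -modulus -in "$1" -passin pass: 2>/dev/null)
    c=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True when subject equals issuer: no CA vouches for the certificate, which
# is why browsers show a warning for it.
is_self_signed() {
    s=$(openssl x509 -noout -subject -in "$1"); i=$(openssl x509 -noout -issuer -in "$1")
    [ -n "$s" ] && [ "${s#subject=}" = "${i#issuer=}" ]
}

demo() {
    d=$(mktemp -d) || return 1
    KEY_PASS='constructed-sample-pass'; export KEY_PASS
    make_cert "$d" "/C=CN/ST=BeiJing/L=BeiJing/O=Yvioo/CN=dashboard.example" || return 1
    key_is_encrypted "$d/server.key.org" && echo "server.key.org: encrypted"
    key_is_encrypted "$d/server.key"     || echo "server.key: plaintext, keep it owner-only"
    key_matches_cert "$d/server.key" "$d/server.crt" && echo "key and certificate match"
    is_self_signed "$d/server.crt" && echo "self-signed"
    openssl x509 -noout -enddate -in "$d/server.crt"   # expiry set by -days 365
    rm -rf "$d"
}
```

Source the file and call demo to run the whole sequence in a temporary directory. After step 3 the server.key that nginx reads is no longer protected by a pass phrase, so file permissions are the only thing guarding it.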
Configuring the certificate in Nginx
Many readers will already know this step: it simply tells Nginx where the certificate and key files are.
server {
    listen 443 ssl;
    server_name xx.xxx.xxx.xx;
    ssl_certificate /etc/nginx/key/server.crt;
    ssl_certificate_key /etc/nginx/key/server.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location /kube/ {
        proxy_pass https://11.100.5.204:32001/;
    }
}
Next, restart nginx and use HTTPS to access:
Access successful. This is the login page of the Dashboard management platform
OK, that’s all for today’s trivia and I’ll see you next time