HTTPS with an oreore (self-signed) certificate for the first time with nginx (2020/12/19)

Things to do

I hadn't touched nginx properly yet, so I learned it by doing the following:

- Configure everything with docker
- Proxy to multiple application servers
- Use https between the nginx server and the client with an oreore (self-signed) certificate

Overall file structure

├── app #Application servers
│   ├── main
│   │   └── index.html
│   └── sub
│       └── index.html
├── docker
│   └── docker-compose.yml
└── proxy # nginx + ssl
    ├── conf.d
    │   ├── default.conf
    │   └── main.conf
    ├── mime.types #
    ├── nginx.conf
    └── ssl
        ├── server-private.pem
        ├── server-public.key
        ├── server.csr
        ├── server_self_signed.crt
        └── subjectaltname.ext

docker-compose

docker-compose.yml


version: '3'

services:
  main-server:
    image: nginx
    container_name: 'main-server'
    volumes:
      - ../app/main:/usr/share/nginx/html
    ports:
      - 7000:80

  sub-server:
    image: nginx
    container_name: 'sub-server'
    volumes:
      - ../app/sub:/usr/share/nginx/html
    ports:
      - 7001:80

  reverse-proxy:
    image: nginx
    volumes:
      - ../proxy:/etc/nginx
    ports:
      - 80:80
      - 443:443

Proxy with nginx

proxy/nginx.conf


user  nginx;
events {
    worker_connections  16;
}
http {
    charset UTF-8;
    #log format setting
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /etc/nginx/access_log main;
    #Virtual server configuration directory
    include ./conf.d/*.conf;
}

proxy/conf.d/main.conf


server {
    listen 80;
    return 301 https://$host$request_uri; # http to https
}

server {
    listen 443 ssl;
    server_name localhost; #domain
    keepalive_timeout   70;

    ssl_protocols       TLSv1.2 TLSv1.3; # TLS 1.0 and 1.1 are deprecated (RFC 8996)
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_buffer_size     16k;
    ssl_certificate     /etc/nginx/ssl/server_self_signed.crt;
    ssl_certificate_key /etc/nginx/ssl/server-private.pem;

    location /main {
        proxy_pass http://host.docker.internal:7000/;
        proxy_redirect off;
    }
    location /sub {
        proxy_pass http://host.docker.internal:7001/;
        proxy_redirect off;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

App server

app/main/index.html


<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8"/>
    <meta name="viewport" content="width=device-width, initial-scale=1"/>
    <title>main</title>
  </head>
  <body>
    <h1>main</h1>
  </body>
</html>

app/sub/index.html


<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8"/>
    <meta name="viewport" content="width=device-width, initial-scale=1"/>
    <title>sub</title>
  </head>
  <body>
    <h1>sub</h1>
  </body>
</html>

Creating a certificate

Certificate creation


openssl genrsa -out server-private.pem 2048 #Create a 2048-bit private key in RSA format
openssl rsa -in server-private.pem -pubout -out server-public.key #Generate public key
openssl req -new -key server-private.pem > server.csr #CSR creation
openssl x509 -req -in server.csr -signkey server-private.pem \
          -out server_self_signed.crt -days 825 -extfile subjectaltname.ext #Issuance of self-signed certificate

subjectaltname.ext


subjectAltName=DNS:localhost

Once this is done, register server_self_signed.crt in the host's certificate store. Don't forget to mark it as trusted after you register it. https://qiita.com/colomney/items/887f9ea7b68a3b427060
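
The script below is an added example, not part of the original post. It reruns the commands above on throwaway files in a temporary directory and checks three things before the certificate is handed to nginx: the subjectAltName is present, the private key matches the certificate, and the certificate has not expired. The function names and the non-interactive -subj "/CN=localhost" option are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original post; function names are constructed here.

# Print the certificate's subjectAltName entries, e.g. "DNS:localhost".
san_of() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        awk '/Subject Alternative Name/ { getline; gsub(/ /, ""); print }'
}

# Succeed only if certificate $1 and private key $2 share one public key.
key_matches() {
    local a b
    a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    b=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# check_cert CERT KEY HOST: print every problem; return 0 only if there is none.
check_cert() {
    local rc=0
    san_of "$1" | tr ',' '\n' | grep -qxF "DNS:$3" ||
        { echo "FAIL: no subjectAltName DNS:$3 (modern browsers ignore the CN)"; rc=1; }
    key_matches "$1" "$2" ||
        { echo "FAIL: $2 is not the private key for $1"; rc=1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: $1 is expired or unreadable"; rc=1; }
    return "$rc"
}

# make_demo_cert DIR SAN: rerun the page's commands in DIR on throwaway files.
# An empty SAN skips -extfile, reproducing a certificate that has only a CN.
make_demo_cert() {
    local d=$1
    openssl genrsa -out "$d/server-private.pem" 2048 2>/dev/null
    openssl req -new -key "$d/server-private.pem" -subj "/CN=localhost" -out "$d/server.csr"
    if [ -n "$2" ]; then
        echo "subjectAltName=$2" > "$d/subjectaltname.ext"
        openssl x509 -req -in "$d/server.csr" -signkey "$d/server-private.pem" -days 825 \
            -out "$d/server_self_signed.crt" -extfile "$d/subjectaltname.ext" 2>/dev/null
    else
        openssl x509 -req -in "$d/server.csr" -signkey "$d/server-private.pem" -days 825 \
            -out "$d/server_self_signed.crt" 2>/dev/null
    fi
}

# Demo: a certificate issued without the SAN file fails the first check.
demo=$(mktemp -d) && make_demo_cert "$demo" "" &&
    check_cert "$demo/server_self_signed.crt" "$demo/server-private.pem" localhost
rm -rf "$demo"
```

To check the real files, run check_cert server_self_signed.crt server-private.pem localhost inside proxy/ssl.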

I wrote only the implementation as a reminder, so please check each for details.

Reference/Citation source

https://nginx.org/en/docs/beginners_guide.html
https://qiita.com/zawawahoge/items/d58ab6b746625e8d4457
https://qiita.com/kunichiko/items/12cbccaadcbf41c72735
https://qiita.com/katsunory/items/97f5a4738863776fbaf4
https://kazuhira-r.hatenablog.com/entry/20180803/1533302929
