pdsor

Self-signed SSL and apply it to Laravel

This article documents the complete process of generating a self-signed SSL certificate and applying it in a Laravel project.


Generate Self-Signed Certificate File

First, use the openssl command to generate a self-signed certificate and private key. Here are the specific steps:

# Generate a password-protected private key
openssl genrsa -des3 -out server.key 4096 

# Generate a certificate signing request file based on the private key
openssl req -new -key server.key -out server.csr

# Backup the original private key file
cp server.key server.key.org

# Remove password protection for Nginx to use
openssl rsa -in server.key.org -out server.key

# Sign the self-signed certificate using the private key, valid for 10 years (3650 days)
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
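
The certificate produced by the steps above carries no subjectAltName, which current browsers and most TLS libraries use for host name matching instead of the CN, and the unencrypted server.key inherits whatever permissions the shell's umask gives it. The following is an added example, not part of the original article: it creates the key and certificate in one step with a SAN and checks the pair before it is handed to nginx. The function names are hypothetical, the file names follow the article, and OpenSSL 1.1.1 or later is assumed for `-addext` and `-ext`.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, file names follow the article.
# Assumes OpenSSL 1.1.1+ (-addext, -ext).

# Create an unencrypted RSA key and a 10-year self-signed certificate in one
# step, with the host name in subjectAltName.
# $1 = output dir, $2 = DNS name, $3 = key bits (default 4096, as in the article)
make_selfsigned() {
    (
        umask 077   # the key is written unencrypted for nginx: keep it owner-only
        openssl req -x509 -newkey "rsa:${3:-4096}" -nodes -days 3650 \
            -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
            -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
    )
}

# Succeed only if certificate ($1) and private key ($2) share one RSA modulus.
# "-passin pass:" makes a still-encrypted key fail instead of prompting.
cert_matches_key() {
    local c k
    c=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 2
    k=$(openssl rsa -noout -modulus -in "$2" -passin pass: 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeed only if subjectAltName of cert ($1) contains exactly DNS:<$2>.
cert_has_san() {
    openssl x509 -noout -ext subjectAltName -in "$1" 2>/dev/null |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$2"
}

# Succeed only if the key file ($1) grants nothing to group or others.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run all checks before `nginx -t`. $1 = cert, $2 = key, $3 = DNS name
check_pair() {
    cert_matches_key "$1" "$2" || { echo "cert/key mismatch" >&2; return 1; }
    cert_has_san "$1" "$3"     || { echo "no SAN entry for $3" >&2; return 1; }
    key_is_private "$2"        || { echo "key readable by group/others" >&2; return 1; }
}

# Usage: make_selfsigned . localhost && check_pair server.crt server.key localhost
```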

Modify Middleware Configuration File to Apply the Generated Certificate File

In the nginx configuration file, point ssl_certificate and ssl_certificate_key at the generated certificate and key files:

# Redirect all plain-HTTP requests to HTTPS
server {
    listen 80;
    server_name _;
    return 301 https://$host$request_uri;
}
server {
    listen       443 ssl;
    server_name  localhost;
    # Self-signed certificate and unencrypted private key generated above
    ssl_certificate      /usr/local/openresty/nginx/conf/cert/server.crt;
    ssl_certificate_key  /usr/local/openresty/nginx/conf/cert/server.key;
    ssl_session_cache    shared:SSL:5m;
    ssl_session_timeout  5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and are no longer enabled here.
    # TLSv1.3 needs nginx 1.13.0+ built with OpenSSL 1.1.1+; drop it on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    access_log /data/wwwlogs/access_nginx.log combined;
    # Laravel serves from the project's public/ directory
    root /data/wwwroot/risk.sdzc.test/public;
    index index.html index.htm index.php;
    #error_page 404 /404.html;
    #error_page 502 /502.html;
    #location /nginx_status {
    #  stub_status on;
    #  access_log off;
    #  allow 127.0.0.1;
    #  deny all;
    #}
    # Route everything that is not a real file to Laravel's front controller
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location ~ [^/]\.php(/|$) {
        #fastcgi_pass remote_php_ip:9000;
        fastcgi_pass unix:/dev/shm/php-cgi.sock;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
        expires 30d;
        access_log off;
    }
    location ~ .*\.(js|css)?$ {
        expires 7d;
        access_log off;
    }
    # Block access to VCS metadata and other non-public files
    location ~ ^/(\.user.ini|\.ht|\.git|\.svn|\.project|LICENSE|README.md) {
        deny all;
    }
    location /.well-known {
        allow all;
    }
}

Verify and Restart Your Middleware (nginx)

nginx -t
nginx -s reload