Nginx daily usage experience that is useful for both front-end and back-end

This article shares how to use nginx on Windows and in Docker, a script for deploying it as a service with nssm, a way to use custom domain names on the local area network without the browser's insecure-HTTPS warning, and the pitfalls encountered along the way.

Foreword

nginx is a high-performance open source reverse proxy server and web server. It is generally used to build static resource servers, load balancers, and reverse proxies. This article shares how to use it on Windows and in Docker, a script for deploying it as a service with nssm, a way to use custom domain names on the local area network without the browser's insecure-HTTPS warning, and the pitfalls encountered along the way.

Features

  • High performance: event-driven asynchronous architecture, capable of handling a large number of concurrent connections
  • Static resource server: deploy front-end static pages and static resources
  • Reverse proxy server: receives client requests and forwards the requests to back-end services, which can implement functions such as load balancing, request distribution and caching
  • Support HTTPS

Usage

  • Configure domain name forwarding to project services

  • Forward the external network penetration request to the LAN server

  • https configuration of test environment project

  • What happens by default after nginx starts:

    • It listens on the specified port (default 80)
    • Local requests to port 80 are intercepted and handled by nginx
    • You can add configuration to listen on other ports
    • Several server nodes can listen on port 80 and apply different rules to different domain names through server_name
    • For local testing, domain name requests can be pointed at the local machine by modifying the hosts file (C:\Windows\System32\drivers\etc\hosts)
    • On a server, the domain name must resolve to the server IP. Depending on the cloud provider, also check its security groups and whether the firewall is turned on or needs rules
  • Paths on Windows must use / or \. For example, the path D:\Software\nginx-1.24.0\ssl must be written in nginx.conf as D:/Software/nginx-1.24.0/ssl/ or D:\Software\nginx-1.24.0\ssl\

Practice

Preparation

  • This article version: v1.24.0

  • Port used: 80 443

  • The most basic configuration: one server node for one domain name. To add other configurations, add more server nodes

```nginx
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    server {
        listen 80;
        server_name localhost;
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}
```

Windows installation and use nginx

Install and run

  • You can download v1.24.0 directly from the official website

  • After downloading, extract it to: D:\Software\nginx-1.24.0

  • Open cmd from the directory's address bar and run start nginx to launch nginx. If the port is not occupied, visit localhost and the welcome page will appear


  • Try modifying the configuration: in D:\Software\nginx-1.24.0\conf\nginx.conf, add a text response

  • Add text and JSON responses

```nginx
#server{....
    # Return plain text
    location /text {
        # default_type sets the Content-Type of the body sent by return
        default_type text/plain;
        return 200 'This is a plain text response.';
    }
    # Return JSON
    location /json {
        default_type application/json;
        return 200 '{"message": "This is a JSON response.233"}';
    }

    # Default configuration
    location / {
        root html;
        index index.html index.htm;
    }
#...}
```

Domain name configuration

  • Because this is a local test, nginx must be reached through a domain name, so the hosts file has to be configured (for a server's public domain name, DNS resolves the domain name to the server)

  • Add a record: 127.0.0.1 nginx.devops.test.com. Requests to nginx.devops.test.com now reach nginx, which by default listens on localhost:80 and returns the content we specified

  • Add a server configuration node and reload the configuration; on the next visit you will see the configured content.

```nginx
#server{....
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://apollo_portal_2_1:8070/;
        proxy_set_header host $http_host;
        proxy_set_header x-real-ip $remote_addr;
        proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header x-forwarded-proto $scheme;
    }
}
```

  • Preview of the local script directory. The scripts detect the operating system; on Linux, a script must be given execute permission before it is run: chmod +x ./01.build-pem.sh

  • nginx-start.bat: kills the nginx processes and starts nginx

```bat
@echo off
rem Switch to the directory that contains this script
cd /d %~dp0
echo kill nginx
rem Force-kill every running nginx.exe process
taskkill /fi "imagename eq nginx.EXE" /f
echo start nginx
start nginx
echo start nginx success
pause
```
  • nginx-nssm-service.bat: creates the nginx service

```bat
@echo off
cd /d %~dp0
rem Remove any existing service, then register the start script as a service
nssm stop Nginx-service
nssm remove Nginx-service confirm
nssm install Nginx-service D:\Software\nginx-1.24.0\start.bat
sc start Nginx-service
pause
```
  • 01.build-pem.sh: creates the self-signed root certificate

```sh
#!/bin/sh
# Generate the root certificate. Clients that access the site must install and import myCA.pem.
# The certificates nginx needs are then generated from myCA.key and myCA.pem.
if uname | grep -q "MINGW"; then
  # Git Bash on Windows: openssl needs the winpty prefix
  winpty openssl genrsa -out myCA.key 2048
  winpty openssl req -x509 -new -nodes -key myCA.key -days 1825 -out myCA.pem
else
  openssl genrsa -out myCA.key 2048
  openssl req -x509 -new -nodes -key myCA.key -days 1825 -out myCA.pem
fi
```
  • 02.build-ssl.sh: creates the domain name certificate

```bash
#!/bin/bash

if [ "$#" -ne 1 ]; then
  echo "Usage: Must supply a domain"
  exit 1
fi

DOMAIN=$1

mkdir -p "$DOMAIN"
# Generate the private key and the certificate signing request (CSR)
if uname | grep -q "MINGW"; then
  winpty openssl genrsa -out "$DOMAIN/server.key" 2048
  winpty openssl req -new -key "$DOMAIN/server.key" -out "$DOMAIN/server.csr"
else
  openssl genrsa -out "$DOMAIN/server.key" 2048
  openssl req -new -key "$DOMAIN/server.key" -out "$DOMAIN/server.csr"
fi

# Extension file: subjectAltName carries the domain name
cat >"$DOMAIN/server.ext" <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = $DOMAIN
EOF

# Sign the CSR with the root certificate created by 01.build-pem.sh
if uname | grep -q "MINGW"; then
  winpty openssl x509 -req -in "$DOMAIN/server.csr" -CA ./myCA.pem -CAkey ./myCA.key -CAcreateserial -out "$DOMAIN/server.crt" -days 36500 -extfile "$DOMAIN/server.ext"
else
  openssl x509 -req -in "$DOMAIN/server.csr" -CA ./myCA.pem -CAkey ./myCA.key -CAcreateserial -out "$DOMAIN/server.crt" -days 36500 -extfile "$DOMAIN/server.ext"
fi
```
  • 03.gen.sh: first create the self-signed root certificate, then run gen.sh to generate the required domain name certificates and configure them in nginx

```bash
#!/bin/bash
# Get the directory where the current script is located
script_dir=$(dirname "$0")

sh "$script_dir/02.build-ssl.sh" nginx.devops.test.com

sh "$script_dir/02.build-ssl.sh" apollo.devops.test.com

sh "$script_dir/02.build-ssl.sh" rabbitmq.devops.test.com
```

Pitfalls encountered

Multiple nginx processes after nginx -s reload on Windows

Currently, the only fix is to kill the processes and restart, using taskkill /fi "imagename eq nginx.EXE" /f

Using openssl on Windows requires the winpty prefix: winpty openssl

At the beginning, the openssl genrsa -out server.key 2048 command got stuck

I found an article later that said it was a problem with the git bash password. Adding the password parameter did the trick: openssl genrsa -des3 -out myCA.key -passout pass:mima 2048. But the subsequent openssl req was still stuck.

When I finally solved the problem of trusting the self-signed certificate, I found that the correct solution was to add the winpty prefix

Browser still warns that HTTPS is insecure with a local self-signed certificate

Generate a certificate that corresponds to the domain name and install the certificate on the client. The idea for the solution came from Stack Overflow
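
The check behind this pitfall, as an added example that is not part of the original article: it repeats the steps of 01.build-pem.sh and 02.build-ssl.sh non-interactively in a temporary directory, then confirms that the certificate chains to myCA.pem and that its subjectAltName covers the host name. The function names, the -subj values and the 825-day validity are assumptions of this example.

```shell
#!/bin/sh
# Added example: repeat the 01/02 script steps non-interactively, then
# check what a browser checks. Subject names below are constructed.

# make_ca DIR: root key and self-signed root certificate (myCA.key, myCA.pem)
make_ca() {
  openssl genrsa -out "$1/myCA.key" 2048 2>/dev/null &&
  openssl req -x509 -new -nodes -key "$1/myCA.key" -days 1825 \
    -subj "/CN=Example LAN Test CA" -out "$1/myCA.pem" 2>/dev/null
}

# make_leaf DIR DOMAIN: key, CSR and CA-signed certificate with a SAN entry
make_leaf() {
  out="$1/$2"
  mkdir -p "$out" &&
  openssl genrsa -out "$out/server.key" 2048 2>/dev/null &&
  openssl req -new -key "$out/server.key" -subj "/CN=$2" \
    -out "$out/server.csr" 2>/dev/null &&
  printf '%s\n' 'basicConstraints=CA:FALSE' \
    'keyUsage=digitalSignature,keyEncipherment' \
    "subjectAltName=DNS:$2" >"$out/server.ext" &&
  openssl x509 -req -in "$out/server.csr" -CA "$1/myCA.pem" \
    -CAkey "$1/myCA.key" -CAcreateserial -days 825 \
    -extfile "$out/server.ext" -out "$out/server.crt" 2>/dev/null
}

# check_cert DIR DOMAIN HOST: succeeds only if the certificate chains to
# DIR/myCA.pem and its subjectAltName covers HOST.
check_cert() {
  crt="$1/$2/server.crt"
  openssl verify -CAfile "$1/myCA.pem" "$crt" >/dev/null 2>&1 || return 1
  openssl x509 -in "$crt" -noout -checkhost "$3" | grep -q 'does match'
}

# Demo in a temporary directory, using the article's test domain
demo=$(mktemp -d)
make_ca "$demo" && make_leaf "$demo" nginx.devops.test.com &&
  check_cert "$demo" nginx.devops.test.com nginx.devops.test.com &&
  echo "chain and SAN OK for nginx.devops.test.com"
check_cert "$demo" nginx.devops.test.com apollo.devops.test.com ||
  echo "apollo.devops.test.com is not covered by this certificate"
rm -rf "$demo"
```

In Git Bash, set MSYS_NO_PATHCONV=1 first so the -subj value is not rewritten as a Windows path.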

nginx.conf default configuration problem in container

Different versions may have different default configurations. To avoid detours, start the container without mounting a configuration first, copy out its default configuration file, and then modify that copy. Pay particular attention to paths when moving a configuration written on Windows into the container.

For example, on Windows the static site root directory is configured as root html;. In the container it must be configured as root /usr/share/nginx/html; to take effect

Reloading configuration in container

docker exec nginx_1_24 nginx -s reload
 
  • Nginx download page
  • nssm download page
  • LAN configuration https reference

Afterword

I always search when I need it. This time I organized it and deepened its use for future use
The most profound thing is that this article solves the problem of insecure https prompts for custom domain names in LAN, which is simply pleasing to the eye.

Author: Yi Mo

Github:yimogit

Pure static tool site: metools

Note: Criticism is welcome; please point out any shortcomings.

Confusion is probably because you think too much and do too little.

This article is from the internet and does not represent the position of 1024programmer. Please indicate the source when reprinting: https://www.1024programmer.com/811412

author: admin
