Issue
I made reverse proxy on my nginx like this
server {
listen 80;
server_name localhost;
return 301 https://[my domein]$request_uri;
}
this works well, when I access http://xxx.xxx.xxx.xxx/index.html. My nginx redirect to https://[my domain]/index.html
But, when I access https://xxx.xxx.xxx.xxx/index.html Chrome shows “Your connection is not private” error. Self-signed certificates do not help avoid this error. A CA-signed certificate is required. In this case, how do I get the SSL certificate for localhost? It is localhost. No one could issue a localhost certificate, I think.
Does anyone know a good way to solve this problem?
Solution
Use mkcert.
Install mkcert
sudo apt install libnss3-tools
Check mkcert releases page for the latest version. As of this writing, the latest release is.v1.4.3
export VER="v1.4.3"
wget -O mkcert https://github.com/FiloSottile/mkcert/releases/download/${VER}/mkcert-${VER}-linux-amd64
chmod +x mkcert
sudo mv mkcert /usr/local/bin
Install certificate generate locally trusted SSL certificates
mkcert -install
ls -1 ~/.local/share/mkcert
mkdir ~/cert && cd ~/cert
mkcert crm.site '*.crm.site' localhost 127.0.0.1 ::1
Add to nginx
sudo nano /etc/nginx/sites-available/crm.site
server {
listen *:443 ssl http2;
index index.php;
root /home/andrey/crm.site;
server_name crm.site *.crm.site;
ssl_certificate /home/andrey/cert/crm.site+4.pem;
ssl_certificate_key /home/andrey/cert/crm.site+4-key.pem;
client_max_body_size 128M;
client_body_buffer_size 128k;
location / {
try_files $uri $uri/ /index.php?$args;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains" always;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
}
and restart nginx
sudo service nginx restart
Answered By - Andrey Answer Checked By - Mildred Charles (PHPFixing Admin)
0 Comments:
Post a Comment
Note: Only a member of this blog may post a comment.