Chrome https连接不安全-Nginx https服务器

问题描述 投票:0回答:1

我在VirtualBox客户机设备上安装了Windows10主机,并安装了GUIless ubuntu。我为Ubuntu(198.162.0.110)提供了专用的家庭网络静态IP地址。在此VBox-ubuntu上,我设置了nginx代理服务器,该服务器启用与开发HTTP Rails服务器的HTTPS连接。我使用ssh(putty,vscode-ssh,winscp和其他工具)连接将主机(win10)连接到来宾(Ubuntu),以便利用Windows上的开发环境。

我管理了可通过HTTPS进行连接的Nginx代理服务器的设置(我需要使用它来开发和测试安全cookie等。

现在,我可以像这样连接到服务器应用程序:https://192.168.0.110“成功”,但是出现以下问题:

enter image description here

我进入Proceed to 192.168.0.110 (unsafe),该应用程序出现并开始工作。但是现在我必须实现社交网络登录(Facebook),并且此Not secure似乎是个问题。Facebook要求安全连接:

enter image description here

这是我的Nginx配置:

 server {
        listen 443 ssl;
        listen 80;
        server_name 192.168.0.110 localhost 127.0.0.1;
        root /home/csrhub/git/csrhub-frontend/public/rails;
        index index.html;
        location / {
                proxy_pass http://127.0.0.1:8016/;
                proxy_set_header X-Real-IP $remote_addr; 
                proxy_set_header Host $http_host;
                proxy_set_header Port 443;
                proxy_ssl_trusted_certificate /etc/nginx/ssl/certs/homerouter/homerouter.crt;
                proxy_read_timeout 80s;
        }
        location /api/v2/ {
                proxy_pass http://127.0.0.1:8014;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header Host $http_host;
                proxy_redirect http:// https://;
        }

        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers         AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
        ssl_certificate      /etc/nginx/ssl/certs/homerouter/homerouter.crt;
        ssl_certificate_key  /etc/nginx/ssl/certs/homerouter/homerouter.key;
        ssl_session_cache   shared:SSL:10m;
        ssl_session_timeout 10m;
}

这是我生成证书的方式:openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout homerouter.key -out homerouter.crt -config homerouter.conf

这是生成证书时使用的配置文件homerouter.conf

[req]
default_bits       = 2048
default_keyfile    = localhost.key
distinguished_name = req_distinguished_name
req_extensions     = req_ext
x509_extensions    = v3_ca

[req_distinguished_name]
countryName                 = Country Name (2 letter code)
countryName_default         = US
stateOrProvinceName         = State or Province Name (full name)
stateOrProvinceName_default = New York
localityName                = Locality Name (eg, city)
localityName_default        = Rochester
organizationName            = Organization Name (eg, company)
organizationName_default    = localhost
organizationalUnitName      = organizationalunit
organizationalUnitName_default = Development
commonName                  = Common Name (e.g. server FQDN or YOUR name)
commonName_default          = localhost
commonName_max              = 64

[req_ext]
subjectAltName = @alt_names

[v3_ca]
subjectAltName = @alt_names

[alt_names]
DNS.1   = localhost
DNS.2   = 127.0.0.1
DNS.3   = 192.168.0.110
DNS.4   = 192.168.43.60

显然,我缺少某些东西,或者至少我做的方法不正确。请帮助我确保此连接的安全。最后,这是我的家庭本地网络-一切都在这里受信任。

nginx https ssl-certificate
1个回答
0
投票

哦,我发现了问题:

[首先,我必须将commonName添加为主机名(我将homerouter选择为nginx所在的本地网络地址192.168.0.1的公共名称)在我的Windows(主机)上的方法如下:https://www.liquidweb.com/kb/edit-host-file-windows-10/

然后,在我的[[homerouter.conf中,我更改了一些字段,如下所示:

........ default_keyfile = homerouter.key ........ commonName = homerouter commonName_default = homerouter commonName_max = 64 [req_ext] subjectAltName = @alt_names [v3_ca] subjectAltName = @alt_names [alt_names] DNS.1 = localhost DNS.2 = 127.0.0.1 DNS.3 = 192.168.0.110 DNS.4 = 192.168.43.60 DNS.5 = homerouter 
然后我运行了以下命令:
certutil -d sql:$HOME/ssl/nssdb -A -t "P,," -n "homerouter" -i homerouter.crt
我没有相应的数据库,所以我不得不创建一个新的数据库。怎么样?参见here。当然,还向Chorme添加了新生成的证书。
所有人都起到了魅力!
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.