rewrite directory mapping, configure nginx to receive https requests

1. Use rewrite to rewrite the url: /test/test1/test2/test.html /test.html Normal access: The browser address bar does not change. Temporary redirection: 302 Permanent redirection: 301

Step 1: Preparation->Create the corresponding directories and files

[root@server ~]# mkdir mkdir /www/ip/129 -p
[root@server ~]# mkdir test/test1/test2 -p
[root@server ~]# echo "hello" > test/test1/test2/test.html
[root@server ~]# echo "bye" > /www/ip/129/test.html

Step 2: Create a new virtual host in /etc/nginx/conf.d/multi_site.conf to complete the requirements

#During normal access
server {
    listen 192.168.118.129:9090;
    server_name rewrite;
    location/{
        root /www/ip/129;
        index index.html;
        rewrite ^/test/test1/test2/(.*).html$ /$1.html;
    }
}
?
#Temporary redirection
server {
    listen 192.168.118.129:9090;
    server_name rewrite;
    location/{
        root /www/ip/129;
        index index.html;
        rewrite ^/test/test1/test2/(.*).html$ /$1.html redirect;
    }
}
?
#Permanent redirect
server {
    listen 192.168.118.129:9090;
    server_name rewrite;
    location/{
        root /www/ip/129;
        index index.html;
        rewrite ^/test/test1/test2/(.*).html$ /$1.html permanent;
    }
}

Step 3: Restart nginx to test whether the mapping is successful

image-20231015193907993

image-20231015194651355

image-20231015194918978

2. Configure nginx to receive https requests

  • Step 1: Generate private key file

[root@server ~]# cd /etc/nginx/
[root@server nginx]# mkdir cert
[root@server nginx]# cd cert/
[root@server cert]# openssl genrsa -out ca.key 2048

  • Step 2: Generate public key file

[root@server cert]# openssl rsa -in ca.key -pubout -out ca.pub
writing RSA key
[root@server cert]# ls -l
Total usage 8
-rw------- 1 root root 1704 October 15 20:15 ca.key
-rw-r--r-- 1 root root 451 October 15 20:17 ca.pub

  • Step 3: Generate CA application documents

[root@server cert]# openssl req -new -key ca.key -out ca.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shaanxi
Locality Name (eg, city) [Default City]:Xi'an
Organization Name (eg, company) [Default Company Ltd]:CE
Organizational Unit Name (eg, section) []:test
Common Name (eg, your name or your server's hostname) []:server
Email Address []:[email protected]
?
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

  • Step 4: Generate the CA’s self-signed certificate

[root@server cert]# openssl x509 -req -in ca.csr -signkey ca.key -out ca.crt -days 365
[root@server cert]# ls -l
Total usage 16
-rw-r--r-- 1 root root 1261 October 15 20:23 ca.crt
-rw-r--r-- 1 root root 1025 October 15 20:21 ca.csr
-rw------- 1 root root 1704 October 15 20:15 ca.key
-rw-r--r-- 1 root root 451 October 15 20:17 ca.pub

  • Step 5: Generate the server’s private key

[root@server cert]# openssl genrsa -out server.key 2048

  • Step 6: Generate server-side certificate application file

[root@server cert]# openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shaanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:CE
Organizational Unit Name (eg, section) []:shiyou
Common Name (eg, your name or your server's hostname) []:server1
Email Address []:[email protected]
?
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

  • Step 7: Use the CA organization’s ca.crt and ca.key to issue a certificate for the server.csr application file

[root@server cert]# openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 3650 -out server.crt

  • Step 8: Configure virtual host

[root@server cert]# vim /etc/nginx/conf.d/https.conf
server {
    listen 443 ssl;
    ssl_certificate cert/server.crt;
    ssl_certificate_key cert/server.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
?
    location/{
        root /www/https;
        index index.html;
    }
}
[root@server cert]# mkdir /www/https -p
[root@server cert]# echo "https" > /www/https/index.html
[root@server cert]# nginx -c /etc/nginx/nginx.conf -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@server cert]# systemctl restart nginx

  • Step 9: Test on Windows

image-20231019173350274

image-20231019173419259