How to configure https for private deployment of WizNote

3 weeks ago

If you need to configure the HTTPS service for a private deployment of notes, you should add an nginx service yourself and configure your website certificate on this nginx. Specific nginx installation and startup methods, please search for yourself.

ssl Certificate Configuration

Note: change the path to your cert path.

ssl_certificate /etc/nginx/server.crt;  
ssl_certificate_key /etc/nginx/server.key; 
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5:!EXP;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

Since the private service needs to dynamically obtain your domain name and the protocol used by the client, you need to add some configuration to your nginx service, so that the protocol used by the client can be passed to the service.

Configuring automatic acquisition protocol mode

In this way, the client can use the http or https protocol, the service can read the protocol used by the client to automatically.

Configure the nginx server (proxy proxy_set_header). In the server, add the following configuration:

server {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        ...
}

If your nginx has only one server module, or other server modules have no special requirements, then the above configuration can also be configured into the http module:

http {
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header Host $http_host;
       proxy_set_header X-Forwarded-Proto $scheme;
       ...
}

If your nginx has multiple layers, you may need additional configuration: Add the following configuration to the http module:

http {
    map $http_x_forwarded_proto $thescheme {
          default $scheme;
          https https;
    }
   ...
}

Then in the server module (or http module), replace the proxy_set_header X-Forwarded-Proto $scheme; in the previous configuration with the following code:

proxy_set_header X-Forwarded-Proto $thescheme;

Then restart the nginx service.

Enforce the use of the https protocol

If your nginx service is not directly facing the end user, but behind some load balancing/cdn, and your ssl certificate is configured on these load balancing/cdn, it may cause nginx to fail to get the client correctly. The protocol used by the terminal, which makes it impossible to pass the protocol used by the client to the service. In this case, you can modify the nginx configuration to force the notification service to use the https protocol.

Modify the previous configuration and directly modify proxy_set_header X-Forwarded-Proto $scheme

  proxy_set_header X-Forwarded-Proto "https";

Test Configuration

Enter in the browser: (Note that the https protocol, modify your-server to your own server address)

https://your-server/?p=wiz&c=endpoints

Under normal circumstances, it will return a json data, check the value of the first key wizas, under normal circumstances, it should be the beginning of https. If it is the beginning of http, the configuration does not take effect.

If you still can't use the https protocol in the above way, please contact our customer service.