Right after deploying the server, I was full of joy visiting my website, satisfied with everything I saw. But then the excitement faded: hey, why does it say "not secure" in the top left corner of the browser? On second thought, no, I want HTTPS too, I want the lock too!

HTTP sends content in plaintext and does not provide any data encryption. To secure data transmission, HTTPS adds SSL to HTTP. SSL relies on certificates to verify the identity of the server and encrypts the communication between the browser and the server.

Applying for the certificate

Here, I applied directly for the free certificate from Tencent Cloud. Note that the free certificate issued by the Asian Integrity organization can only be used for one domain name; each subdomain needs its own application. I have to say, the application on Tencent is quite fast: it went through in a little over 10 minutes. Download the zip file, unzip it, open the Nginx folder and copy the 1_XXX.com.crt and 2_XXX.com.key files.

Open the nginx configuration file

If you don't know where the nginx files are, you can find them with the whereis nginx command.

# User to run as; the default is nginx and this can be left unset
user  nginx;
# Number of nginx worker processes, generally set to the number of CPU cores
worker_processes  1;

# Error log directory
error_log  /var/log/nginx/error.log warn;
# Process PID location
pid        /var/run/nginx.pid;

events {
    worker_connections  1024; # Maximum number of concurrent requests for a single background process
}

http {
    include       /etc/nginx/mime.types; # File extension to MIME type mapping table
    default_type  application/octet-stream; # The default file type
    # Set the log format
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main; #nginx access log location

    sendfile        on; # Enable efficient file transmission mode
    #tcp_nopush on; # Reduce the number of network packet segments

    keepalive_timeout  65; # Time to hold a connection, also known as timeout

    #gzip on; # Enable gzip compression

    include /etc/nginx/conf.d/*.conf; # Contains the location and file of the child configuration item
}

This is the global configuration. For easier management, we configure the individual sites in the /etc/nginx/conf.d folder, which is included on the last line. Open the default.conf file inside it.

# Virtual host configuration
server {
  # This is the SSL access port; the ssl parameter on listen replaces the deprecated "ssl on;" directive
  listen    443 ssl;
  # Domain name used for access
  server_name  XXX.com;
  # Default site root location for the server
  root /web/www/website/dist;

  # Set the access log of this virtual host
  access_log  logs/nginx.access.log  main;

  # Relative certificate paths are resolved against the nginx configuration directory (where nginx.conf lives, e.g. /etc/nginx)
  ssl_certificate 1_XXX.com_bundle.crt;
  ssl_certificate_key 2_XXX.com.key;
  ssl_session_timeout 5m;
  # Configure the protocols as follows (TLSv1 and TLSv1.1 are deprecated by RFC 8996)
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  # Configure the cipher suites as follows
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
  ssl_prefer_server_ciphers on;

  # default request
  location / {
      root /web/www/website/dist;
      # Name of the index file for the home page
      index index.html;
  }

  # static files, nginx handles them itself
  location ~ ^/(images|javascript|js|css|flash|media|static)/ {
      # Static files are rarely updated, so the expiration time can be set longer.
      # If you update frequently, set it shorter.
      expires 30d;
  }

  # Disable access to .htxxx files
  # location ~ /\.ht {
  #   deny all;
  # }

}
server {
  # Port 80 is the normal HTTP access port
  listen 80;
  server_name XXX.com;
  # Here I use HTTPS for the whole site, so HTTP requests are automatically redirected to HTTPS
  rewrite ^(.*) https://$host$1 permanent;
}

Well, that's about it. It's pretty simple. A treat for beginners.
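
A tightened version of the two server blocks above, as an added example that is not part of the original post: it drops the deprecated TLSv1 and TLSv1.1, adds a shared session cache and an HSTS header, and redirects with return instead of a regex rewrite. The protocol list, cipher list, cache size and HSTS max-age are assumptions chosen here, not values from the post; XXX.com and the certificate file names are the post's placeholders.

```nginx
# Added example, not the post's own configuration.
server {
    # The ssl parameter on listen enables TLS for this port
    listen 443 ssl;
    server_name XXX.com;
    root /web/www/website/dist;

    ssl_certificate     1_XXX.com_bundle.crt;
    # Private key: keep it owned by root and not world-readable (chmod 600)
    ssl_certificate_key 2_XXX.com.key;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996).
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;
    # TLS 1.2 suites limited to ECDHE key exchange with AES-GCM (assumed list)
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;

    ssl_session_timeout 5m;
    # Share the session cache between worker processes
    ssl_session_cache shared:SSL:10m;

    # HSTS: browsers that have seen this header use HTTPS only for one year.
    # Enable it only once HTTPS works for the whole site.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        index index.html;
    }
}

server {
    listen 80;
    server_name XXX.com;
    # Redirect every HTTP request to HTTPS, keeping path and query string
    return 301 https://$host$request_uri;
}
```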

nginx -t

nginx -s reload is the normal way to reload the configuration.

# stop nginx
nginx -s stop
# start
nginx

Restart and visit your site again. Tsk tsk, perfect: a lock in the top left corner, indicating a secure connection. Done. Happy.

Nginx daily operation commands

  • nginx -t tests the configuration files
  • nginx -s reload applies the configuration after it has been changed
  • nginx -s reopen reopens the log files
  • nginx -s stop stops quickly
  • nginx -s quit stops gracefully
  • ps -ef | grep nginx shows the nginx processes