Modify the Nginx configuration to serve HTTPS requests (SSL certificate deployment)

Posted by CrashRoX on Tue, 19 May 2020 11:52:26 +0200

When it comes to Nginx servers, I think their biggest characteristics are being lightweight and high-performance. Testing on several different servers shows that its concurrency handling is very strong and that it uses a lot less memory. At present, it is the preferred HTTP and reverse proxy server for most webmasters. The webmaster's own website, as well as the operations and maintenance services on the enterprise servers, run on Nginx. Apache is used too, of course. If you are interested, take a look at the Comparison between Nginx and Apache.

This article walks through installing the SSL module and enabling HTTPS in the Nginx configuration.

1, SSL module installation of Nginx

Check whether nginx was built with the http_ssl_module module.

$ /usr/local/nginx/sbin/nginx -V

If the output shows configure arguments: --with-http_ssl_module, the module is already installed (skip the following steps and go straight to the nginx.conf configuration).

Download the Nginx installation package from the official Nginx website.

Download the installation package to the src directory, fetching it over HTTPS:

$ cd /usr/local/src
$ wget https://nginx.org/download/nginx-1.15.9.tar.gz

Unzip the installation package.

$ tar -zxvf nginx-1.15.9.tar.gz

Configure the SSL module.

$ cd nginx-1.15.9
$ ./configure --prefix=/usr/local/nginx --with-http_ssl_module

Compile with the make command only (running make install would reinstall nginx); an objs folder appears in the current directory.

Overwrite the current nginx binary with the newly built one.

$ cp ./objs/nginx /usr/local/nginx/sbin/

Check the installed modules again (configure arguments: --with-http_ssl_module indicates that the SSL module is installed).

$ /usr/local/nginx/sbin/nginx -V

nginx version: nginx/1.15.9
...
configure arguments: --with-http_ssl_module

2, SSL certificate deployment

Here we use Alicloud's free 1-year certificate; the application address is here.

If you can't find Alicloud's free SSL entry, please refer to the following article: Is alicloud free SSL HTTPS certificate gone? It was hidden! (Figure)

Download the compressed package of the issued SSL certificate to your local machine and extract it (the pem and key files are the ones used here; the file names can be changed).

Create a new cert folder in the nginx directory to store the certificate files.

$ cd /usr/local/nginx
$ mkdir cert

Upload these two files to the cert directory on the server.
Here the scp command is used from the Mac terminal to upload them (open a new local terminal instead of using the window that is connected to the server):

$ scp /Users/yourname/Downloads/ssl.pem root@xxx.xx.xxx.xx:/usr/local/nginx/cert/
$ scp /Users/yourname/Downloads/ssl.key root@xxx.xx.xxx.xx:/usr/local/nginx/cert/

scp [local file path; you can drag the file directly onto the terminal] [<server login name>@<server IP address>:<path on server>]

3, nginx.conf configuration

Edit the /usr/local/nginx/conf/nginx.conf configuration file:

Configure the https server. Comment out the previous http server configuration and add the https server:

server {
    # The server port uses 443 to enable ssl, which is the ssl module installed above
    listen       443 ssl;
    # Domain name, multiple separated by spaces
    server_name  hack520.com www.hack520.com;
    
    # ssl certificate address
    ssl_certificate     /usr/local/nginx/cert/ssl.pem;  # Path to pem file
    ssl_certificate_key  /usr/local/nginx/cert/ssl.key; # Path of key file
    
    # ssl-related settings
    ssl_session_timeout  5m;    # Session cache lifetime
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;    # Cipher suites
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;    # Enabled protocol versions (TLSv1 and TLSv1.1 are deprecated by RFC 8996)
    ssl_prefer_server_ciphers on;   # Prefer the server's cipher order

    location / {
        root   html;
        index  index.html index.htm;
    }
}

Redirect http to https.

server {
    listen       80;
    server_name  hack520.com www.hack520.com;
    return 301 https://$server_name$request_uri;
}
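
A pre-restart check for the server block above, as an added example that is not part of the original article: it flags deprecated protocol versions in ssl_protocols and a private key file that group or other users can access. The function names, the finding labels and the temporary demo files are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original article.

# Print the value(s) of directive $2 in nginx config $1, comments stripped.
directive_values() {
    sed -n "s/#.*//; s/^[[:space:]]*$2[[:space:]]\{1,\}\([^;]*\);.*/\1/p" "$1"
}

# Print one finding per line; no output means both checks passed.
audit_nginx_tls() {
    conf=$1
    # Check 1: TLSv1 and TLSv1.1 are deprecated (RFC 8996); SSLv2/SSLv3 are broken.
    for proto in $(directive_values "$conf" ssl_protocols); do
        case $proto in
            SSLv2|SSLv3|TLSv1|TLSv1.1) echo "weak-protocol $proto" ;;
        esac
    done
    # Check 2: the private key must not be accessible to group or others.
    for key in $(directive_values "$conf" ssl_certificate_key); do
        if [ ! -f "$key" ]; then
            echo "missing-key $key"
        elif [ "$(ls -l "$key" | cut -c5-10)" != "------" ]; then
            echo "key-permissions $key"
        fi
    done
}

# Constructed demo: the article's directives, with the key path pointed at a
# throwaway file given an assumed mode of 644 (a typical default for new files).
demo() {
    dir=$(mktemp -d)
    : > "$dir/ssl.key" && chmod 644 "$dir/ssl.key"
    cat > "$dir/nginx.conf" <<EOF
server {
    listen       443 ssl;
    ssl_certificate_key  $dir/ssl.key; # constructed path
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
EOF
    audit_nginx_tls "$dir/nginx.conf"
    rm -rf "$dir"
}

demo
```

Against this article's configuration, the protocol findings clear once ssl_protocols lists only TLSv1.2 (and TLSv1.3 where the nginx and OpenSSL builds support it), and the key finding clears after chmod 600 on ssl.key.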

4, Restart nginx

$ /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf

If port 80 is occupied, use kill [id] to end the process:

# View port usage
$ netstat -lntp

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      21307/nginx: master 
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      3072/sshd           
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      21307/nginx: master 

# End 80 port process
$ kill 21307

Restart nginx again:

$ /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf

Or:

$ service nginx restart
