When it comes to [Nginx] () servers, I think the biggest characteristics are lightweight and high performance. Through testing on several different servers, it is found that its concurrency is very strong, and it eats a lot less [memory] (). At present, it is the preferred HTTP and reverse proxy server for most webmasters. The webmaster's own website, including the operation and maintenance service of the enterprise server, is Nginx. Apache, of course. If you are interested, please take a look Comparison between Nginx and Apache.
This article mainly shares the operation process of installing SSL module and enabling HTTPS configuration in Nginx.
1, SSL module installation of Nginx
Check whether nginx installs http_ssl_module module.
$ /usr/local/nginx/sbin/nginx -V
If configure arguments appear: – with http_ ssl_ Module is installed (the following steps can be skipped to enter nginx.conf Configuration).
Download the Nginx installation package. Of course, download it on the Nginx official website.
Download the installation package to src directory
$ cd /usr/local/src $ wget http://nginx.org/download/nginx-1.15.9.tar.gz
Unzip the installation package.
$ tar -zxvf nginx-1.15.9.tar.gz
Configure the SSL module.
$ cd nginx-1.15.9 $ ./configure --prefix=/usr/local/nginx --with-http_ssl_module
Compile with the make command (using make install will reinstall nginx), and the objs folder will appear in the current directory.
Overwrite the current nginx file with a new nginx file.
$ cp ./objs/nginx /usr/local/nginx/sbin/
Check the installed modules again (configure arguments: - with http_ ssl_ Module indicates that the SSL module is installed.
$ /usr/local/nginx/sbin/nginx -V nginx version: nginx/1.15.9 ... configure arguments: --with-http_ssl_module
2, SSL certificate deployment
What we use here is Alicloud Free certificate for 1 year, Application address is here.
If you can't find alicloud's free ssl entry, please refer to the following article: Is alicloud free SSL HTTPS certificate gone? It was hidden! (Figure)
Download the applied ssl certificate file compression package to the local and extract it (here are the pem and key files used, and the file name can be changed).
Create a new cert folder in nginx directory to store the certificate file.
$ cd /usr/local/nginx $ mkdir cert
Upload these two files to the cert directory of the server.
Here, use the scp command uploaded from the mac terminal to the server (you need to open a new terminal instead of using the window connecting to the server):
$ scp /Users/yourname/Downloads/ssl.pem root@xxx.xx.xxx.xx:/usr/local/nginx/cert/ $ scp /Users/yourname/Downloads/ssl.key root@xxx.xx.xxx.xx:/usr/local/nginx/cert/
scp [local file path, drag the file directly to the terminal] [server login name > @ < server IP address >: < path on server >]
III Nginx.conf to configure
Edit / usr/local/nginx/conf/nginx.conf Profile:
Configure https server . Comment out the previous http server configuration and add https server:
server { # The server port uses 443 to enable ssl, which is the ssl module installed above listen 443 ssl; # Domain name, multiple separated by spaces server_name hack520.com www.hack520.com; # ssl certificate address ssl_certificate /usr/local/nginx/cert/ssl.pem; # Path to pem file ssl_certificate_key /usr/local/nginx/cert/ssl.key; # Path of key file # ssl authentication related configuration ssl_session_timeout 5m; #Cache validity ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #encryption algorithm ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #Secure link optional encryption protocol ssl_prefer_server_ciphers on; #Using the preferred algorithm on the server side location / { root html; index index.html index.htm; } }
Redirect http to https.
server { listen 80; server_name hack520.com www.hack520.com; return 301 https://$server_name$request_uri; }
4, Restart nginx
$ /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
If port 80 is occupied, use kill [id] to end the process:
# View port usage $ netstat -lntp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 21307/nginx: master tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3072/sshd tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 21307/nginx: master # End 80 port process $ kill 21307
Restart nginx again:
$ /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
Or:
service nginx restart
Previous articles
Nginx series tutorial (1) basic introduction and installation of nginx
Nginx series tutorial (2) nginx building static resource web server
Nginx tutorial series (3) static files on nginx cache server
Nginx series tutorial (5) how to guarantee the high availability of nginx
Nginx series of tutorials (6) detailed explanation of nginx location matching rules
Nginx series(7)Detailed description of nginx rewrite configuration rules
Nginx series tutorial (8) nginx configuring security certificate SSL
Nginx series tutorial (9) nginx Solving session consistency
Nginx series (10) solve the cross domain problem of front-end access to back-end services based on nginx (invalid Session and cookie) Solve the cross domain problem of front-end access to back-end services based on Nginx (invalid Session and cookie) ")