Configuring HTTPS on Nginx, in detail

Posted by snowrhythm on Fri, 14 Jan 2022 10:01:22 +0100

This article is demonstrated on Linux.
Prerequisites: a server with a public IP (CentOS 7), a registered domain name, an SSL certificate issued for that domain name, and the domain name bound to the server's public IP.

1, Download and install Nginx

Nginx download website: http://nginx.org/en/download.html
Baidu online disk link: https://pan.baidu.com/s/1o2riynHpHobwOTF9C9R0RA
Extraction code: coff

  • Install the compiler (gcc) and the libraries nginx needs to build. Without them, the installation will fail with an error.
#Install dependencies
yum -y install gcc pcre-devel zlib-devel openssl openssl-devel
  • Upload the downloaded installation package to the Linux server (it is usually uploaded to the /opt directory) and extract it.
#Extract it to the /usr/local directory
tar -zxvf nginx-1.20.1.tar.gz -C /usr/local
#Enter the /usr/local directory
cd /usr/local
#The directory name is long, so you can rename it
mv ./nginx-1.20.1 nginx
  • Enter the nginx directory, then configure, compile and install nginx. Note that the paths passed to configure must match the directory where you installed nginx!
#Enter the nginx directory. I renamed mine; if you did not rename it, use your own directory name
cd /usr/local/nginx
#Initialize nginx
./configure --prefix=/usr/local/nginx/ --pid-path=/run/nginx.pid  --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log  --with-http_ssl_module --with-http_v2_module --with-http_stub_status_module --with-pcre --with-stream
#compile
make
#install
make install
  • Start nginx
#Enter the sbin directory of nginx
cd /usr/local/nginx/sbin
#Start nginx
./nginx
  • The default port for accessing nginx is 80. Enter the server IP directly in the browser; if the interface shown in the figure below appears, nginx has been installed successfully.

    Note: if access fails, the firewall may not have port 80 open, or port 80 may already have been in use when nginx started. This article mainly explains how to configure HTTPS, so I won't go into too much detail here. For a port conflict, find the nginx configuration file and change the listening port number; opening a firewall port is also covered in the article on building GitLab.

2, Configure Https protocol

First, apply for an SSL certificate for the domain name from Alibaba Cloud; the certificate is what enables HTTPS.
Then download the certificate file and the certificate key file locally and unzip them. Be sure to unzip them first, and then upload them to the server. They are usually placed in the /usr/local/ssl directory. You need to create the ssl directory yourself.

  • Find the nginx configuration file. It is best to back it up first so you have a way back.
  • Open it and find the HTTPS server block, which is usually commented out near the bottom
server {
        listen       443 ssl;  #Default port for HTTPS is 443
        server_name  [domain name bound to your server's IP];

        ssl_certificate      /usr/local/ssl/test.com.pem; #Replace test.com.pem with the name of the uploaded certificate file.
        ssl_certificate_key  /usr/local/ssl/test.com.key;  #Replace test.com.key with the name of the uploaded certificate key file.

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        #TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them unless legacy clients require them
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers  on;

        location / {
                index index.html index.htm;
        }
}
  • If you want HTTP requests to be redirected to HTTPS, you can refer to the following (optional). If you don't want to configure this, save and exit directly
server {
    listen 80;
    server_name [Replace with the domain name bound to the certificate]; #Same as above
    #You can also redirect straight to the HTTPS domain name configured above
    rewrite ^(.*)$ https://$host$1; #Redirect all HTTP requests to HTTPS with the rewrite directive.
    location / {
        index index.html index.htm;
    }
}
  • Configuration complete! Save and exit, then reload nginx
#Go to the sbin directory of nginx
cd /usr/local/nginx/sbin
#Reload nginx
./nginx -s reload
  • Enter the domain name you configured directly in the browser; if the interface shown in the figure below appears, the configuration succeeded
If the above interface does not appear, check for the following problems
 1. Port 443 is not open
 2. If the HTTP-to-HTTPS redirect is not configured, accessing the site with the http protocol will not reach https
 3. The domain name has not been filed with the Ministry of Industry and Information Technology, or the filing is still in progress
  • Open the port
#Open port 443
firewall-cmd --zone=public --add-port=443/tcp --permanent
#Reload the firewall rules
firewall-cmd --reload
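
The HTTPS server block in section 2 enables TLSv1 and TLSv1.1, which RFC 8996 deprecates, and sets no HSTS header, so a browser that arrives over HTTP keeps depending on the port-80 redirect. The script below is an added example, not part of the original article, that scans a configuration for both conditions; `audit_nginx_tls`, `sample_conf` and the `example.com` sample are names assumed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: flag weak TLS settings in an
# nginx configuration. audit_nginx_tls and sample_conf are hypothetical names.

# Reads nginx config from the files given as arguments, or stdin if none.
# Prints one "WEAK ..." line per finding; returns 1 if anything was found.
audit_nginx_tls() {
    awk '
        { sub(/#.*/, "") }                        # ignore comments
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) {
                p = $i; sub(/;$/, "", p)
                if (p ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) {
                    printf "WEAK line %d: ssl_protocols enables %s\n", NR, p
                    bad++
                }
            }
        }
        $1 == "listen" && $0 ~ /ssl/ { tls = 1 }  # an HTTPS listener exists
        /Strict-Transport-Security/  { hsts = 1 } # HSTS header is configured
        END {
            if (tls && !hsts) {
                print "WEAK: HTTPS server sends no Strict-Transport-Security header"
                bad++
            }
            exit (bad > 0)
        }
    ' "$@"
}

# Constructed sample that mirrors the settings in the article's server block.
sample_conf() {
    cat <<'EOF'
server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate     /usr/local/ssl/test.com.pem;
    ssl_certificate_key /usr/local/ssl/test.com.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
EOF
}

# Demo run; "|| true" keeps the exit status clean when findings are reported.
sample_conf | audit_nginx_tls || true
```

To clear the findings, set `ssl_protocols TLSv1.2 TLSv1.3;` (TLSv1.3 takes effect only when nginx is built against OpenSSL 1.1.1 or later) and add `add_header Strict-Transport-Security "max-age=31536000" always;` to the HTTPS server block.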
