In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-01-28 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Internet Technology >
Share
Shulou(Shulou.com)05/31 Report--
This article introduces the knowledge about "Nginx building https server instance analysis". In the actual case operation process, many people will encounter such difficulties. Next, let Xiaobian lead you to learn how to deal with these situations! I hope you can read carefully and learn something!
https profile
https(hypertext transfer protocol over secure socket layer) is an http channel with security as its goal. That is, add ssl layer under http. The security basis of https is ssl, so ssl is required for encrypted details.
It is a uri scheme (abstract identifier system), syntactically similar to http: , used for secure http data transmission. The default port used by https is 443.
SSL Certificates
Certificate Type Introduction
To set up a secure server, create a public-private key pair using the public key. In most cases, send a certificate request (including your own public key), your company credentials, and a fee to a certificate authority (ca).ca to verify the certificate request and your identity, and then return the certificate to your secure server.
However, the intranet implements encryption of a server-side and client-side transmission content, and can issue certificates to itself. You only need to ignore the browser's untrusted alarm!
CA signed certificates provide two important features for your server:
The browser automatically recognizes the certificate and allows a secure connection to be created without prompting the user
When a ca generates a signed certificate, it guarantees the identity of the organization providing the web page to the browser.
Most ssl-enabled web servers have a ca list whose certificates are automatically accepted. When a browser encounters a certificate whose authorization ca is not in the list, the browser asks the user whether to accept or reject the connection.
Generate SSL Certificates
openssl genrsa -des3 -out wangzhengyi.key 2048
openssl req -new -key wangzhengyi.key -out wangzhengyi.csr
Create a self-signed ca certificate
openssl req -new -x509 -days 3650 -key wangzhengyi_nopass.key -out wangzhengyi.crt
Build https virtual host
Virtual Host Profiles
upstream sslfpm { server 127.0.0.1:9000 weight=10 max_fails=3 fail_timeout=20s;}server { listen 192.168.1.*: 443; server_name 192.168.1.*; #Enable ssl support for a server on; #Specify a certificate file ssl_certificate in pem format for the virtual host /home/wangzhengyi/ssl/wangzhengyi.crt; #Specify the private key file ssl_certificate_key /home/wangzhengyi/ssl/wangzhengyi_nopass.key for the virtual host; #The client can reuse the session parameters stored in the cache ssl_session_timeout 5m; #Specify the ssl protocols ssl_v 3 tlsv1 used; #Specify the password descriptions ssl_ciphers all:! adh:! export56:rc4+rsa:+high:+medium:+low:+ sslv2:+exp; #sslv3 and tlsv1 require server passwords with higher priority than client passwords ssl_prefer_server_ciphers on; location / { root /home/wangzhengyi/ssl/; autoindex on; autoindex_exact_size off; autoindex_localtime on; } # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; error_page 404 /404.html; location = /50x.html { root /usr/share/nginx/www; } location = /404.html { root /usr/share/nginx/www; } # proxy the php scripts to fpm location ~ \.php$ { access_log /var/log/nginx/ssl/ssl.access.log main; error_log /var/log/nginx/ssl/ssl.error.log; root /home/wangzhengyi/ssl/; fastcgi_param https on; include /etc/nginx/fastcgi_params; fastcgi_pass sslfpm; }}"Nginx build https server instance analysis" content is introduced here, thank you for reading. If you want to know more about industry-related knowledge, you can pay attention to the website. Xiaobian will output more high-quality practical articles for everyone!
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.