Shulou(Shulou.com)06/01 Report--

How to set up a https website using nginx? In view of this problem, this article introduces the corresponding analysis and answers in detail, hoping to help more partners who want to solve this problem to find a more simple and feasible way.

A brief introduction to HTTPS

Introduction to 1.https

HTTPS actually consists of two parts: HTTP + SSL / TLS, that is, adding a layer of module to HTTP to deal with encrypted information. The information transmission between the server and the client is encrypted through TLS, so the transmitted data is encrypted.

Principle of 2.https protocol

First of all, the client establishes a connection with the server and generates a private key and a public key, which are different. The server returns a public key to the client, and then the client takes this public key to encrypt the thing to be searched, which is called ciphertext, and returns it to the server together with its own public key. The server decrypts the ciphertext with its own private key, and then encrypts the response data with the client's public key and returns it to the client. The client decrypts the ciphertext with its own private key and presents the data.

II. Generation of certificates and private keys

Note: generally generated directories should be placed in the nginx/conf/ssl directory

1. Create the server certificate key file server.key:

Openssl genrsa-des3-out server.key 1024

Enter the password, confirm the password, and define it yourself, but remember that you will use it later.

two。 Create the application file server.csr for the server certificate

Openssl req-new-key server.key-out server.csr

The output is as follows:

Enter pass phrase for root.key: ← enter the password created earlier

Country Name (2 letter code) [AU]: CN ← country code, China input CN

State or Province Name (full name) [Some-State]: full name of BeiJing ← province, Pinyin

Locality Name (eg, city) []: full name of BeiJing ←, Pinyin

Organization Name (eg, company) [Internet Widgits Pty Ltd]: MyCompany Corp. ← Company

Organizational Unit Name (eg, section) []: ← may not be entered

Common Name (eg, YOUR name) []: ← does not enter at this time

Email Address []: admin@mycompany.com ← email address, which can be filled in at will

Please enter the following 'extra' attributes

To be sent with your certificate request

A challenge password []: ← may not be entered

An optional company name []: ← may not be entered

4. Back up a server key file

Cp server.key server.key.org

5. Remove file password

Openssl rsa-in server.key.org-out server.key

6. Generate certificate file server.crt

Openssl x509-req-days 365-in server.csr-signkey server.key-out server.crt

III. Configuration file

1. The following is the configuration file / usr/local/nginx/conf/vhost/daj.conf

Server {# compared to the default 80, ssl listen 443 default ssl;#default can be omitted # if the ssl on; line is removed, the ssl is written after port 443 if the line is removed. In this way, the link between http and https can use the ssl on;# certificate (public key. The ssl_certificate ssl/server.crt;# private key sent to the client. Below the ssl_certificate_key ssl/server.key;# is the bound domain server_name www.daj.com; location / {# forbidden to jump to proxy_redirect off;# proxy Taobao proxy_pass https://www.tao.com/;}}.

4. Open the ssl module of nginx

1.the "ssl" parameter requires ngx_http_ssl_module in / usr/local/nginx/conf/nginx.conf:37

The reason is that nginx lacks a http_ssl_module module, so you can compile and install it with with-http_ssl_module configuration.

two。 If you have already installed nginx, if you want to add modules, see below

1) switch to nginx source code package

Cd / usr/local/src/nginx-1.11.3

2) View the original modules of ngixn

/ usr/local/nginx/sbin/nginx-V

3) reconfigure

. / configure-- prefix=/usr/local/nginx-- with-http_stub_status_module-- with-http_ssl_module

4) recompile without make install installation. Otherwise it will be overwritten.

Make

5) back up the previously installed nginx

Cp / usr/local/nginx/sbin/nginx / usr/local/nginx/sbin/nginx.bak

6) overwrite the newly compiled nginx with the original nginx (ngixn must be stopped)

Cp. / objs/nginx / usr/local/nginx/sbin/

At this point, you will be prompted whether to overwrite or not. Enter yes, and enter directly whether to overwrite by default.

7) start nginx, check the nginx module, and find that it has been added

/ usr/local/nginx/sbin/nginx-V this is the answer to the question about how to set up the https website using nginx. I hope the above content can be of some help to you. If you still have a lot of doubts to be solved, you can follow the industry information channel for more related knowledge.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.