Shulou(Shulou.com)05/31 Report--

This article mainly explains "how nginx uses ssl module configuration to support HTTPS access". Interested friends may wish to take a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn how nginx uses ssl module configuration to support HTTPS access.

Background:

WeChat Mini Programs is used in the development of the project, but the server configuration url must be https, so it is necessary to configure the ssl module of nginx to support https access, that is to say, to make a website whose domain name is dmsdbj.com requires access through https://dmsdbj.com.

The English name of ssl is secure socket layer, secure socket layer. Ssl is a kind of digital certificate, which uses ssl protocol to establish a secure channel between browser and web server, and data information is transmitted securely between client and server.

Premise:

1. The ca certificate is required to configure the ssl module. The ca certificate can be issued manually or applied in Aliyun. I applied for the certificate on Aliyun. (for manual issuance, please refer to the link at the bottom of the article)

two。 The ssl module is not installed by default. If you want to use this module, you need to specify the-with-http_ssl_module parameter when compiling nginx.

Ali Yun buys ca certificate

Procedure:

Download the ca certificate

1. Log in to Aliyun, select "console"-"products and Services", and select "ca Certificate Services (data Security)" in the "Security (Cloud Shield)" column.

two。 Click "download" on the purchased certificate, select "nginx/tengine" on the newly opened page, and click "download Certificate for nginx".

Install the certificate in the nginx configuration file

Document description: 1. The certificate file "certificate name .pem 'contains two paragraphs. Please do not delete any of them." two。 If it is a csr created by the certificate system, it also contains the certificate private key file "certificate name .key". (1) create a cert folder in the same directory as the configuration file for nginx, and copy all the downloaded files to the cert directory. If you created the csr file when you applied for the certificate, put the corresponding private key file in the cert directory and name it "certificate name .key"

(2) Open the nginx.conf file in the conf directory under the nginx installation directory and find:

# https server# # server {# listen 443 × # server_name localhost;# ssl on;# ssl_certificate cert.pem;# ssl_certificate_key cert.key;# ssl_session_timeout 5m export56 rc4mm ssl_protocols sslv2 sslv3 tlsv1;# ssl_ciphers / {# #} #}

(3) modify it to (the attributes that begin with ssl in the following attributes are directly related to the certificate configuration. Copy or adjust other attributes according to your actual situation):

Server {listen 443; server_name localhost; ssl on; root html; index index.html index.htm; ssl_certificate cert/ certificate name.pem; ssl_certificate_key cert/ certificate name.key; ssl_session_timeout 5m; ssl_ciphers ECDHUR RSAAE128MUBE RSAUAE 128Muffle GCMUSAA128Muffle GCMMULI Sha256 VOCEDHV ECDH Location / {root html; index index.html index.htm;}}

Save exit.

(4) restart nginx.

Nginx-s reload

(5) visit your site through https to test the installation and configuration of the site certificate. Enter https://dmsdbj.com in the browser, as shown in the following figure, which indicates that the configuration is successful.

Problems encountered during installation

Error one:

Nginx: [emerg] unknown directive "ssl" in / usr/local/nginx/conf/nginx.conf:151

Solution:

This error may be caused by two situations:

Case 1: the configuration file format is incorrect.

Solution reference link:

Case 2: the ssl module is not installed

The ssl module is not installed by default, and if you want to use it, you need to specify the-with-http_ssl_module parameter when compiling nginx, which can also lead to error two.

Solution:

Nginx lacks http_ssl_module module, so just take it with with-http_ssl_module configuration when compiling and installing, but now my nginx has been installed, how to add module is actually very simple, look down: make an explanation: my nginx installation directory is / usr/local/nginx this directory, my source package is in / usr/local/src/nginx-1.3.6 directory

(1) switch to source code package:

Cd / root/nginx-1.13.6

(2) configuration information:

. / configure-- prefix=/usr/local/nginx-- with-http_stub_status_module-- with-http_ssl_module

(3) after the configuration is complete, run make to compile, do not make install, otherwise it is to overwrite the installation.

Mark

(4) then back up the original installed nginx

Cp / usr/local/nginx/sbin/nginx / usr/local/nginx/sbin/nginx.bak

(5) stop nginx and direct nginx-s stop by normal command.

Nginx-s stop

If you can't turn it off, just kill the process. Ps aux | grep process name to view the pid number occupied by the process.

Ps aux | grep nginx

Just kill the checked pid, and the kill-9 pid command is used to terminate the process. You must kill the corresponding pid of root before you can pid the following three nobody.

Kill-9 10922kill-9 28276kill-9 28277kill-9 28278

(6) overwrite the newly compiled nginx with the original nginx

Cp. / objs/nginx / usr/local/nginx/sbin/

(7) start nginx

Nginx

(8) use the following command to see if you have joined successfully.

Nginx-v

Error 2:

Nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in / usr/local/nginx/conf/nginx.conf:148

Solution:

The solution that occurs in this situation can refer to the solution in the second case of error one.

Error 3:

Stoping nginx... Nginx: [emerg] bio_new_file ("/ usr/local/nginx/conf/cert/214291778530222.pem") failed (ssl: error:02001002:system library:fopen:no such file or directory:fopen ('/ usr/local/nginx/conf/cert/214291778530222.pem','r') error:2006d080:bio routines:bio_new_file:no such file) failed. Use force-quit

Solution:

This may be caused by the incorrect location of the certificate path, and an error will be reported as long as the absolute path is written, regardless of windows or linux.

Just put the certificate file in the same directory as nginx.conf.

At this point, I believe you have a deeper understanding of "how nginx uses ssl module configuration to support HTTPS access". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.