Shulou(Shulou.com)06/02 Report--

Use ssl module configuration to support both http and https coexistence

First, generate a certificate

# 1. First, go to the directory where you want to create the certificate and private key, for example: cd / etc/nginx/# 2, create the server private key The command asks you to enter a password: openssl genrsa-des3-out server.key 102 passwords, create the certificate for the signature request (CSR): openssl req-new-key server.key-out server.csr# 4, remove the necessary passwords when loading the Nginx supported by SSL and using the private key mentioned above: cp server.key server.key.orgopenssl rsa-in server.key.org-out server.key# 5, Finally, mark the certificate using the above private key and CSR:openssl x509-req-days 365-in server.csr-signkey server.key-out server.crt

Second, configure nginx

Cd / etc/nginxvim nginx.conf## HTTPS server configuration#server {listen 443; IP address of server_name native; ssl on; ssl_certificate / etc/nginx/server.crt; ssl_certificate_key / etc/nginx/server.key; ssl_session_timeout 5m * * ssl on; ssl_certificate / etc/nginx/server.crt; ssl_certificate_key / SSL 5m * * # ssl_protocols SSLv2 SSLv3 TLSv1;# ssl_ciphers all "ADH" EXPORT56 "RC4RSA"High"Medi IUM"LOWIUM"SSLv2man" EXPist # ssl_prefer_server_ciphers on Location / {# root html; # index testssl.html index.html index.htm; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://IP address / ssl/;}}

Restart nginx, enter: https://IP address in the browser will jump to http://IP address / ssl/ address (later adjust to webservice interface address)

3. StartSSL free SSL certificate trusted by browsers:

Like VeriSign, StartSSL (http://www.startssl.com, company name: StartCom) is a CA organization.

Its root certificate has long been supported by browsers with open source backgrounds (Firefox, Google Chrome, Apple Safari, etc.).

4. If the project needs, redirect the access directory\ services\ from http access to https (solution: nginx rewrite plus location)

Location ~ / services/.*$ {if ($server_port ~ "^ 80 $") {set $rule_0 1 $rule_0;} if ($rule_0 = "1") {rewrite / (. *) https://IP address / $1 permanent; break;}}

Fifth, after the configuration is finished, use nginx-t to test whether the configuration is correct. Then reload the nginx service to check whether port 443 is listening.

/ usr/local/nginx/sbin/nginx-tnginx: the configuration file / usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file / usr/local/nginx/conf/nginx.conf test is successful (shows that there is no error in the configuration file) service nginx reload (reloads nginx service) netstat-lan | grep 443 (view port 443) tcp 00 0.0.0.0 tcp 443 0.0.0.0 grep * LISTEN (if you see this line, it means HTTPS is already working)

The above is the whole content of this article, I hope it will be helpful to your study, and I also hope that you will support it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.