Shulou(Shulou.com)05/31 Report--

This article mainly introduces the relevant knowledge of "how to configure ssl for https access in nginx". The editor shows you the operation process through an actual case. The operation method is simple, fast and practical. I hope that this article "how to configure ssl to achieve https access in nginx" can help you solve the problem.

Apply for a certificate

Here, I directly apply for a free certificate from Tencent Cloud. It should be noted here that the free certificate issued by the Asian Integrity Organization can only be used by one domain name, and those sub-domain names need to be applied separately. Needless to say, the application in Tencent was quite fast and passed in more than ten minutes. Download a zip file, unzip it, open the nginx folder inside, and copy the 1_xxx.com_bundle.crt and 2_xxx.com.key files.

Open the nginx configuration file

If you don't know the location of the nginx file, you can find it through the whereis nginx command.

My configuration file is in / ect/nginx. Now copy the two certificate files and configure them directly later. The configuration file of nginx is nginx.conf, and the configuration contents are as follows. For ease of understanding, I have added comments.

# for running users, the default is nginx. You can not set the user nginx;#nginx process to the same number as cpu cores. Generally, it is set to the same number as cpu cores. # error log storage directory error_log / var/log/nginx/error.log warn;# process pid location pid / var/run/nginx.pid;events {worker_connections 1024; # maximum concurrency of a single background process} http {include / etc/nginx/mime.types # File extension and type mapping table default_type application/octet-stream; # default file type # set log mode log_format main'$remote_addr-$remote_user [$time_local] "$request"'$status $body_bytes_sent "$http_referer"''"$http_user_agent"$http_x_forwarded_for"; access_log / var/log/nginx/access.log main; # nginx access log location sendfile on # enable efficient transfer mode # tcp_nopush on; # reduce the number of network message segments keepalive_timeout 65; # stay connected, also known as timeout # gzip on; # enable gzip compression include / etc/nginx/conf.d/*.conf; # subconfiguration item locations and files}

Just take a quick look at it. This is the global configuration. For better management, let's do the subproject configuration in the / etc/nginx/conf.d folder declared on the last line.

Open the default.conf inside.

# set the virtual host configuration server {# listen on port 443, this is the ssl access port listen 443; # define the default web site root location of the server using the access domain server_name xxx.com; # define the default web site root location of the server root / web/www/website/dist; # set the access log access_log logs/nginx.access.log main of this virtual host # these are the configurations recommended by Tencent Cloud. Just use them directly. Just modify the path of the certificate. Note that these paths are relative to the location of / etc/nginx/nginx.conf file, ssl on; ssl_certificate 1roomxxx.com, ssl_session_timeout 5m, ssl_protocols tlsv1 tlsv1.1 tlsv1.2. # configure ssl_ciphers ecdhem according to this protocol: ssl_ciphers ECDHUR RSAMIQAE128MYGMUTHAE128MUTHAY Sha256HUTHULLULAR "Md5location" rc4HERV DHETITE # configure ECDH according to this suite # default request location / {root / web/www/website/dist; # define the name of the home index file index index.html } # static files. Nginx handles location ~ ^ / (images | javascript | js | css | flash | media | static) / {# expires for 30 days. Static files are not updated. Expiration can be set to a larger size. # if updated frequently, it can be set to a smaller size. Expires 30d;} # prohibit access to .htxxx files # location ~ / .ht {# deny all; #} server {# 80 is the interface listen 80 normally accessed by http; server_name xxx.com; # here, I have done https full encryption, and automatically jump to https rewrite ^ (. *) https://$host$1 permanent;} when accessing http

Well, that's the basic configuration. It's pretty simple, isn't it? Rookie Foley.

Then we write the configuration file and test it with nginx.

Nginx-t

All right, after this, you can restart nginx to take effect.

It should be noted here that after importing a new certificate, you need to restart instead of reload. Nginx-s reload is an ordinary modification configuration overload.

# stop nginxnginx-s stop# and start nginx

After restarting, visit your website again, Tut-tut, perfect, add a lock in the upper left corner to remind you of a secure connection. Ah, done, happy.

Nginx daily operation command

Nginx-t test profile

Nginx-s reload takes effect after modification of configuration

Nginx-s reopen reopens the log file

Nginx-s stop Quick stop

Nginx-s quit

View nginx processes

Ps-ef | grep nginx's content on "how to configure ssl for https access by nginx" ends here. Thank you for reading. If you want to know more about the industry, you can follow the industry information channel. The editor will update different knowledge points for you every day.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.