Shulou(Shulou.com)06/01 Report--

This article to share with you is about how to configure SSL self-signed certificate in Nginx, Xiaobian think it is very practical, so share it with you to learn, I hope you can gain something after reading this article, not much to say, follow Xiaobian to see it.

Generate Self-Signed SSL Certificates

Generate RSA key (process requires setting a password, remember this password)

$ openssl genrsa -des3 -out domain.key 1024

Copy a key file that doesn't require a password

$ openssl rsa -in domain.key -out domain_nopass.key

Generate a certificate request

$ openssl req -new -key domain.key -out domain.csr

You'll be prompted for country, regional organization,email, etc. The most important one is the "common name", which needs to be the same as the domain name of the website.

Enter pass phrase for domain.key: #Password previously set----Country Name (2 letter code) [XX]:CN #COUNTRY State or Province Name (full name) []:Jilin #REGION OR PROVINCE Locality Name (eg, city) [Default City]:Changchun #Region Local Name Organization Name (eg, company) [Default Company Ltd]:Python #Institution Name Organizational Unit Name (eg, section) []:Python #Name of Organizational Unit Common Name (eg, your name or your server's hostname) []: domain.com #Website Domain Name Email Address []:123@domain.com #Email A challenge password []: An optional company name []: #An optional company name, which can be entered directly

This will generate a domain.csr file, which will be submitted to the ssl provider. Of course, there is no application to any certificate provider, but issued its own certificate.

Sign the certificate using the key above and CSR

$ openssl x509 -req -days 365 -in domain.csr -signkey domain.key -out domain.crt

Nginx ssl configuration method

Check if nginx supports SSL:

$ nginx -V

If-with-http_ssl_module is displayed, it means openssl has been compiled and ssl can be installed.

If not, please recompile and install nginx

$ ./ configure --with-http_ssl_module --with-http_stub_status_module$ make & make install

Profile:

server { listen 80; listen 443 ssl; #Listen on port 443, open ssl(required) server_name domain.com; # ssl on; #Not recommended! This directive has the same function as the ssl parameter in listen. #Reference SSL Certificates (required, relative path can be used if placed under nginx/conf/ssl, absolute path must be used elsewhere) ssl_certificate /home/user/domain.com/conf/ssl/domain.crt; ssl_certificate_key /home/user/domain.com/conf/ssl/domain_nopass.key; #protocol optimization (optional, optimize https protocol, enhance security) ssl_protocols TLSv1 TLSv1.1 TLSv1.2 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:! aNULL:! MD5:! RC4:! DHE; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; #autojump to HTTPS if ($server_port = 80) { rewrite ^(.*)$ https://$host$1 permanent; } #Additional configuration information...}

Check if niginx configuration file is available after configuration:

$ nginx -t #Check nginx configuration file

successful Reload the configuration file to make the configuration effective:

$ nginx -s reload

Note: Remember to open port 443 of firewall firewall-cmd --zone=public --add_port=443/tcp permanent

Note: I use nginx+uwsgi deployment, in this case also need to restart uwsgi, otherwise unable to access uwsgi --reload ./ tmp/uwsgi.pid

The above is how to configure SSL self-signed certificates in Nginx. Xiaobian believes that some knowledge points may be seen or used in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.