Shulou(Shulou.com)06/02 Report--

This article will explain in detail how to configure Nginx to implement SSL certificate to support HTTPS access protocol. The content of the article is of high quality, so the editor will share it with you for reference. I hope you will have some understanding of the relevant knowledge after reading this article.

By modifying the simple Nginx configuration file to achieve the SSL certificate endorsement, so that our application supports HTTPS access protocol.

First, get the SSL certificate.

If you pay for it, there are many options. Let me briefly introduce the free ones.

Free SSL certificates are all for a single domain name. For example, baofeidyz.com and quan.baofeidyz.com are separate, so two free SSL certificates are required.

Both Tencent Cloud and Aliyun currently have free SSL certificates to apply for.

Tencent Cloud free SSL certificate

Currently, there seems to be no direct entrance to Tencent Cloud. You need to log in to the Tencent Cloud console (as shown in the following figure). Please note where I select the red box. We can use SSL certificate management as the entrance for us to apply for a free SSL certificate. If you can't find this entry, you can click the plus sign in another red box to add SSL certificate management.

After entering SSL certificate management (as shown below), click apply for a certificate to apply for a free SSL certificate. Tencent Cloud has complete documentation for the rest of the verification process, so I won't repeat it any more.

Next, let's go straight to the purchase process (as shown below).

Then we can see that there is a free domain name in the options menu.

After clicking, you can see that the price on the right becomes 0, and then follow the process.

If the certificate fails to pass the DNS or file verification within one day, you can initiate a ticket to contact customer service for resolution.

Then, configure the SSL certificate to Nginx

In Tencent Cloud's SSL certificate download package, there is a separate Nginx folder with two files we need, as shown in the following figure.

We need to put these two files on our server. If it is a linux system, it is recommended to put them in the / etc/ssl/ directory

Then we need to find the configuration file for nginx.

For the path search of this configuration file, it is recommended that you start nginx and use the command ps-ef | grep nginx to find it, so that you can easily find the configuration file that will take effect.

First, we need to start nginx

Service nginx start

Then find the nginx service that is running

Ps-ef | grep nginx

The result may be as follows:

[root@host ssl] # ps-ef | grep nginxroot 1007 10 May20? 00:00:00 nginx: master process / usr/sbin/nginx-c / etc/nginx/nginx.confnginx 2712 1007 0 02:17? 00:00:00 nginx: worker processroot 2768 2658 0 04:32 pts/1 00:00:00 grep-- color=auto nginx

Then the address of our nginx configuration file should be

/ etc/nginx/nginx.conf

Open a configuration file using vim

Vim / etc/nginx/nginx.conf

We need to be in

Http {}

To add a server node in, as shown below

You can add multiple server nodes to the http {# http node: server {# listens to port 443 listen 443; # corresponding domain name, and change baofeidyz.com to your own domain name. Server_name baofeidyz.com; ssl on; # the full path ssl_certificate / etc/ssl/1_baofeidyz.com_bundle.crt of the first file obtained from Tencent Cloud # the full-path ssl_certificate_key / etc/ssl/2_baofeidyz.com.key; ssl_session_timeout 5m of the second file obtained from Tencent Cloud; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHEMurRSAmuri AES128MurGCMMurSHA256HIGHRAL "MD5RC4L" DHE; ssl_prefer_server_ciphers on # this is the access address of my home page, because I am using a static html page, so I can do it directly using location. Location / {# folder root / usr/local/service/ROOT; # Home Page File index index.html;}}

Not yet, because if the user uses the http protocol for access, the default open port is port 80, so we need to do a redirect. We add a server node to the previous code block to provide redirection service.

You can add multiple server nodes to the http {# http node: server {# listens to port 443 listen 443; # corresponding domain name, and change baofeidyz.com to your own domain name. Server_name baofeidyz.com; ssl on; # the full path ssl_certificate / etc/ssl/1_baofeidyz.com_bundle.crt of the first file obtained from Tencent Cloud # the full-path ssl_certificate_key / etc/ssl/2_baofeidyz.com.key; ssl_session_timeout 5m of the second file obtained from Tencent Cloud; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHEMurRSAmuri AES128MurGCMMurSHA256HIGHRAL "MD5RC4L" DHE; ssl_prefer_server_ciphers on # this is the access address of my home page, because I am using a static html page, so I can do it directly using location. Location / {# folder root / usr/local/service/ROOT; # Home Page File index index.html;}} server {listen 80; server_name baofeidyz.com; rewrite ^ / (. *) $https://baofeidyz.com:443/$1 permanent;}}

Then use the save configuration file, use the nginx-t command to verify the configuration file, and if we see that successful represents the file format certificate, we can start the nginx service or reload the nginx configuration file.

Start the nginx service: service nginx start

Reload the configuration file: nginx-s reload

In fact, when you download a certificate from Tencent Cloud, Tencent Cloud will provide a link to teach you how to configure a certificate for nginx.

On how to configure Nginx to implement SSL certificates to support HTTPS access protocol is shared here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.