Shulou(Shulou.com)06/01 Report--

Nginx configure ssl to achieve https access? I believe that many inexperienced people are at a loss about this, so this article summarizes the causes and solutions of the problem. Through this article, I hope you can solve this problem.

Open the nginx configuration file

If you don't know the location of the nginx file, you can find it through the whereis nginx command.

My configuration file is in / ect/nginx. Now copy the two certificate files and configure them directly later. The configuration file of nginx is nginx.conf, and the configuration contents are as follows. For ease of understanding, I have added comments.

# for running users, the default is nginx. You can not set the user nginx;#Nginx process to the same number as CPU cores. Generally, it is set to the same number as CPU cores. # error log storage directory error_log / var/log/nginx/error.log warn;# process pid location pid / var/run/nginx.pid;events {worker_connections 1024; # maximum concurrency of a single background process} http {include / etc/nginx/mime.types # File extension and type mapping table default_type application/octet-stream; # default file type # set log mode log_format main'$remote_addr-$remote_user [$time_local] "$request"'$status $body_bytes_sent "$http_referer"''"$http_user_agent"$http_x_forwarded_for"; access_log / var/log/nginx/access.log main; # nginx access log location sendfile on # enable efficient transfer mode # tcp_nopush on; # reduce the number of network message segments keepalive_timeout 65; # stay connected, also known as timeout # gzip on; # enable gzip compression include / etc/nginx/conf.d/*.conf; # subconfiguration item locations and files}

Just take a quick look at it. This is the global configuration. For better management, let's do the subproject configuration in the / etc/nginx/conf.d folder declared on the last line.

Open the default.conf inside.

# set the virtual host configuration server {# listen on port 443, this is the ssl access port listen 443; # define the default web site root location of the server using the access domain server_name XXX.com; # define the default web site root location of the server root / web/www/website/dist; # set the access log access_log logs/nginx.access.log main of this virtual host # these are the configurations recommended by Tencent Cloud. You can just use them directly. Just modify the path of the certificate. Note that these paths are relative to the location of / etc/nginx/nginx.conf file, ssl on; ssl_certificate 1roomXXX.composibundle.crt; ssl_certificate_key 2roomXXX.com; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 # configure ssl_ciphers ECDHERM RSAFT AES128 Musi GCM SHA256 ParaNull "MD5cong" RC4location "DHEMT" in accordance with this protocol # configure ssl_prefer_server_ciphers on; # default request location / {root / web/www/website/dist; # define the name of the home index file } # static files. Nginx handles location ~ ^ / (images | javascript | js | css | flash | media | static) / {# expires for 30 days. Static files are not updated. Expiration can be set to a larger size. # if updated frequently, it can be set to a smaller size. Expires 30d;} # prohibit access to .htxxx files # location ~ / .ht {# deny all; #} server {# 80 is the interface listen 80 normally accessed by http; server_name XXX.com; # here, I have done https full encryption, and automatically jump to https rewrite ^ (. *) https://$host$1 permanent;} when accessing http

Well, that's the basic configuration. It's pretty simple, isn't it? Rookie Foley.

Then we write the configuration file and test it with nginx.

Nginx-t

All right, after this, you can restart nginx to take effect.

It should be noted here that after importing a new certificate, you need to restart instead of reload. Nginx-s reload is an ordinary modification configuration overload.

# stop nginxnginx-s stop# and start nginx

After restarting, visit your website again, Tut-tut, perfect, add a lock in the upper left corner to remind you of a secure connection. Ah, done, happy.

Nginx daily operation command

Nginx-t test profile

Nginx-s reload takes effect after modification of configuration

Nginx-s reopen reopens the log file

Nginx-s stop Quick stop

Nginx-s quit

View nginx processes

Ps-ef | grep nginx after reading the above, have you mastered the method of nginx configuring ssl to achieve https access? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.