2025-02-24 Update From: SLTechnology News&Howtos, Shulou (Shulou.com), 06/01 Report
This article shows how to configure multiple HTTPS domain names in Nginx. The content is concise and easy to follow, and the detailed walkthrough below should give you something to take away.
Environment:
CentOS 7
Multiple first-tier domain names
During development and testing, for various reasons, I want the A and B domain names to point to port 443 of the same CVM, with HTTPS supported for both.
Nginx supports the SNI extension of the TLS protocol, which allows several domain names with different certificates to be served from the same IP address. You only need to reinstall Nginx so that it supports TLS.
Install Nginx
[root]# wget http://nginx.org/download/nginx-1.12.0.tar.gz
[root]# tar zxvf nginx-1.12.0.tar.gz
[root]# cd nginx-1.12.0
[root]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module \
            --with-openssl=./openssl-1.0.1e \
            --with-openssl-opt="enable-tlsext"
Note: during installation, some libraries turned out to be missing from the CVM environment. After downloading and installing them, re-run the ./configure command for Nginx, as follows:
[root]# wget https://nchc.dl.sourceforge.net/project/pcre/pcre/8.35/pcre-8.35.tar.gz
[root]# tar zxvf pcre-8.35.tar.gz
[root]# yum -y install gcc
[root]# yum -y install gcc-c++
[root]# yum install -y zlib-devel
[root]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module \
            --with-openssl=./openssl-1.0.1e \
            --with-openssl-opt="enable-tlsext" \
            --with-pcre=./pcre-8.35
Configure Nginx
When purchasing a domain name, if the domain name provider offers a free SSL certificate, use it directly; if not, you can use Let's Encrypt to generate a free CA certificate.
Open the configuration of Nginx: vi /etc/nginx/nginx.conf
...
# First domain: its own server block, certificate and key
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name abc.com;
    root /usr/share/nginx/html;

    ssl_certificate "/root/keys/abc.com.pem";
    ssl_certificate_key "/root/keys/abc.com.private.pem";

    include /etc/nginx/default.d/*.conf;

    location / {
    }

    error_page 404 /404.html;
    location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}

# Second domain on the same IP and port; SNI selects this block and its certificate
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name def.com;
    root /usr/share/nginx/html;

    ssl_certificate "/root/keys/def.com.pem";
    ssl_certificate_key "/root/keys/def.com.private.pem";

    include /etc/nginx/default.d/*.conf;

    location / {
    }

    error_page 404 /404.html;
    location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}
When the configuration is complete, reload Nginx: nginx -s reload
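An added example, not part of the original article: a small Python audit of the layout above that walks every TLS server block and flags a block without its own certificate and key, a server_name declared twice, or a certificate path that does not mention the block's domain. The sample configuration is constructed, the path check is a file-naming heuristic, and only server-level directives are read (certificates inherited from the http level are not considered).

```python
import re

# Constructed sample: the two-domain layout from the page plus one broken block.
SAMPLE_CONF = """
server {
    listen 443 ssl;
    server_name abc.com;
    ssl_certificate "/root/keys/abc.com.pem";
    ssl_certificate_key "/root/keys/abc.com.private.pem";
    location / { }
}
server {
    listen 443 ssl;
    server_name def.com;
    ssl_certificate "/etc/letsencrypt/live/your.domain.com/fullchain.pem";
    ssl_certificate_key "/etc/letsencrypt/live/your.domain.com/privkey.pem";
}
server {
    listen 443 ssl;
    server_name abc.com;
}
"""

def server_blocks(conf):  # yield each server { ... } body, found by brace counting
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directive(body, name):  # arguments of each `name ...;` that starts a line
    found = re.findall(rf"^\s*{name}\s+([^;]+);", body, re.M)
    return [args.strip().strip('"') for args in found]

def audit(conf):  # list of findings for the TLS server blocks in conf
    findings, seen = [], set()
    for body in server_blocks(conf):
        if not any("ssl" in l.split() for l in directive(body, "listen")):
            continue  # plain-HTTP block, nothing to check
        names = " ".join(directive(body, "server_name")).split()
        certs = directive(body, "ssl_certificate")
        keys = directive(body, "ssl_certificate_key")
        if not certs or not keys:
            findings.append(f"{','.join(names)}: missing certificate or key")
        elif not any(n in certs[0] for n in names):  # heuristic on file naming
            findings.append(f"{','.join(names)}: certificate path names another domain")
        findings += [f"{n}: server_name defined twice" for n in names if n in seen]
        seen.update(names)
    return findings
```

Calling audit(SAMPLE_CONF) reports the def.com block whose certificate path belongs to your.domain.com and the second abc.com block, which has no certificate and repeats a name already in use.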
Apply for a free CA certificate
If you have no SSL certificate, you can obtain a CA certificate for free from Let's Encrypt using the following method.
Step 1: install the official Let's Encrypt client, CertBot
[root]# yum install -y epel-release
[root]# yum install -y certbot
Step 2: edit the Nginx configuration file and add the following configuration to the server block that listens on port 80:
When CertBot verifies the server's domain name, it generates a random file, and the CertBot server then requests that file over HTTP, so make sure your Nginx is configured so that the file can be accessed.
server {
    listen 80 default_server;
    ...
    # Serve the challenge files that CertBot writes under the webroot
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /usr/share/nginx/html;
    }

    # Do not expose the challenge directory itself
    location = /.well-known/acme-challenge/ {
        return 404;
    }
}
Reload Nginx: nginx -s reload
Step 3: apply for an SSL certificate
[root]# certbot certonly --webroot -w /usr/share/nginx/html/ -d your.domain.com
During installation, you will be prompted to enter an e-mail address, which is used for updating the CA certificate.
After the installation succeeds, the CA certificate is generated at /etc/letsencrypt/live/your.domain.com/ by default:
|-- fullchain.pem
|-- privkey.pem
Step 4: configure Nginx
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name def.com;
    root /usr/share/nginx/html;

    # Certificate from step 3; your.domain.com stands for the name passed to
    # certbot with -d, which has to cover the server_name of this block
    ssl_certificate "/etc/letsencrypt/live/your.domain.com/fullchain.pem";
    ssl_certificate_key "/etc/letsencrypt/live/your.domain.com/privkey.pem";

    include /etc/nginx/default.d/*.conf;

    location / {
    }

    error_page 404 /404.html;
    location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}
After configuration, reload Nginx
Step 5: update the certificate automatically
Simulate a certificate update on the command line:
[root]# certbot renew --dry-run
If the simulated update succeeds, use the crontab -e command to enable the automatic update task:
[root]# crontab -e
30 2 * * 1 /usr/bin/certbot renew >> /var/log/le-renew.log