We all know that if you visit a site, if it is the beginning of the visit http, the status bar displays the address insecurity
But if https access, security appears
the reason:
HTTP (hypertext transfer protocol) is used between the Web browser and the web server, in clear text transmission of information, data encryption does not provide any way, so using HTTP protocol to transmit private information (such as: bank card numbers, passwords and other payments information) very unsafe.
To address this security flaw, Netscape designed the SSL (Secure Sockets Layer) protocol, joined the SSL (Secure Sockets Layer) protocol based on HTTP, SSL relies on SSL certificates to verify the identity of the server and the browser and encrypt communications between servers. Thus was born the HTTPS (Secure Sockets Layer Hypertext Transfer Protocol).
In simple terms, HTTPS protocol = build "SSL + HTTP protocol" can be encrypted transmission, network authentication protocol, HTTP is safe version.
Solution:
Nginx deployment ssl certificate
1. First, we can go to apply for a ssl certificate, I was at Western Digital application, it took a foreign exaggerated, I live frugally during the epidemic was only scrape together a dollar! !
Sign up now, a dollar, consider carefully
Application Demand
Well, in fact, according to Western Digital's process to the line, we have to put in a txt file on the server to verify, of course, Western Digital is the case, other do not know, get ssl certificate after downloading codecs, as shown in this file will get two
2. I put Talia brothers in the / usr / local / nginx / conf / directory, which is the default installation path nginx
3. Check whether the ssl nginx modules are installed into / usr / local / nginx / sbin / input ./nginx -V note uppercase V And that decimal point, if there is something shown in the red box, the installation, or else ssl module is not installed, how loaded the tutorial below
nginx.conf 4. Edit the file / usr / local / nginx / conf / under, add the following code to route your path to store the certificate, also need to change the listening port 443
ssl_certificate /usr/local/nginx/conf/www.orscloud.cn.crt; # _www.domain.com.cer need to copy the contents of this file to the head, in the middle do not have blank lines
ssl_certificate_key / usr / local / nginx / conf / www.orscloud.cn.key; # certificate key file
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL: DH: EXPORT: RC4: + HIGH: + MEDIUM,: LOW: aNULL:!!!!! ! eNULL;
After changing for the better below
5. changing for the better after the restart nginx command ./nginx -s reload, you can now access it using https
Tutorial module installed SSL Nginx
Question: If you do not install the module, an error will restart nginx: nginx: [emerg] unknown directive "ssl_certificate" xxxxxxxx
1. Locate your previous pre-install nginx nginx extract the directory, if deleted from the new download, remember not to install the / usr / local / nginx directory into the directory you will see a configure, for it is!
2. Enter the following command to add this module
./configure --with-http_ssl_module
3. Enter the following command to compile, remember do not install (make install), otherwise it will overwrite the previous configuration nginx
make
4. Then you will see a objs folders, folder nginx have a file, copied to / usr / local / nginx / sbin file folder, make a backup copy before
Backup
cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
copy
cp objs/nginx /usr/local/nginx/sbin/nginx
5.ssl module installation finished, steps to deploy ssl certificates can continue the Nginx