nginx uses ssl module configuration to support HTTPS access

Others 2022-04-23 02:47:06 views: 0

background:

        The WeChat applet is used in the project development, but the server configuration URL must be HTTPS, so it is necessary to configure the SSL module of nginx to support HTTPS access, that is to say, to make a website domain name dmsdbj.com requires HTTPS://dmsdbj .com to access.

       SSL English name is Secure Socket Layer, Secure Socket Layer. SSL is a digital certificate, which uses the ssl protocol to establish a secure channel between the browser and the web server, and the data information is transmitted securely between the client and the server.

This blog is a detailed explanation of the steps of this operation.


premise:

      1. To configure the SSL module, you first need a CA certificate. The CA certificate can be issued manually or applied for on Alibaba Cloud. The certificate I applied for on Alibaba Cloud. (For manual issuance, please refer to the link at the bottom of the article)

      2. The ssl module is not installed by default. If you want to use this module, you need to specify the --with-http_ssl_module parameter when compiling nginx.

Alibaba Cloud purchases CA certificate

Steps:

1. Download the CA certificate

      1. Log in to Alibaba Cloud, select "Console" - "Products and Services", and select "CA Certificate Service (Data Security)" in the "Security (Cloud Shield)" column.



2. Click "Download" on the purchased certificate, select "Nginx/Tengine" on the newly opened page, and click "Download Certificate for Nginx".




2. Install the certificate in the Nginx configuration file


File description:

1. The certificate file "certificate name.pem'' contains two sections, please do not delete any section.

2. If it is a CSR created by the certificate system, it also includes: certificate private key file "certificate name.key"

(1) Create a cert folder in the directory where the Nginx configuration file is located, and copy all the downloaded files to the cert directory. If you created a CSR file when applying for a certificate, please put the corresponding private key file in cert directory and named "certificate name.key";


(2) Open the nginx.conf file in the conf directory under the Nginx installation directory and find:

# HTTPS server
# #server {
# listen 443;
# server_name localhost;
# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_timeout 5m;
# ssl_protocols SSLv2 SSLv3 TLSv1;
# ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
# ssl_prefer_server_ciphers on;
# location / {
#
#
#}
#}

( 3 ) Modify it as (in the following attributes, the attributes at the beginning of ssl are directly related to the certificate configuration, please copy or adjust other attributes according to your actual situation):

server {
    listen 443;
    server_name localhost;
    ssl on;
    root html;
    index index.html index.htm;
    ssl_certificate cert/certificate name.pem;
    ssl_certificate_key cert/certificate name.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256: ECDHE: ECDH: AES: HIGH:! NULL:! aNULL:! MD5:! ADH:! RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    location / {
        root html;
        index index.html index.htm;
    }
}
Save and exit.

(4) Restart Nginx.

nginx -s reload

( 5 ) Access your site through https and test the installation and configuration of the site certificate. Enter https://dmsdbj.com in the browser, as shown in the figure below, the configuration is successful.




Problems encountered during installation

Error one:

nginx: [emerg] unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf:151

solution:

This error can be caused by two situations:

Case 1: The configuration file format is incorrect.

Solution reference link: http://blog.csdn.net/yuanyuan_186/article/details/51324082

Case 2: The ssl module is not installed

The ssl module is not installed by default. If you want to use this module, you need to specify the --with-http_ssl_module parameter when compiling nginx, which will also cause error two to appear.

solution:

Nginx lacks the http_ssl_module module. When compiling and installing, you can bring the --with-http_ssl_module configuration. However, the current situation is that my nginx has been installed. How to add modules is actually very simple. My nginx installation directory is /usr/local/nginx, and my source package is in /usr/local/src/nginx-1.3.6

(1) Switch to the source package:

cd /root/nginx-1.13.6

(2) Configuration information:

./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module

(3) After the configuration is completed, run make to compile, and do not make make install, otherwise it will be an overwrite installation.

make

(4) Then back up the original installed nginx

cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak

(5) Stop Nginx, the normal command can be directly nginx -s stop

nginx -s stop

If it can't be turned off, just kill the process directly. ps aux | grep process name View the PID number occupied by the process.

ps aux|grep nginx

Just kill the detected PID, kill -9 PID command is used to terminate the process. The PID corresponding to root must be killed first to perform the following three nobody PIDs.

kill -9 10922
kill -9 28276
kill -9 28277
kill -9 28278

(6) Overwrite the original nginx with the newly compiled nginx

cp ./objs/nginx /usr/local/nginx/sbin/

(7) Start nginx

nginx

(8) Use the following command to check whether it has been added successfully.

nginx -V

Error two:

nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in /usr/local/nginx/conf/nginx.conf:148

solution:

   For the solution to this situation, please refer to the solution of the second situation of Error 1.

Error three:

Stoping nginx... nginx: [emerg] BIO_new_file("/usr/local/nginx/conf/cert/214291778530222.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/usr/local/nginx/conf/cert/214291778530222.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file) failed. Use force-quit

solution:

This may be caused by the incorrect location of the certificate path, and as long as the absolute path is written, an error will be reported, regardless of windows or linux.

Put the certificate file in the directory where nginx.conf is located.


Reference blog:

http://blog.csdn.net/wm_1991/article/details/51925062

http://blog.csdn.net/kwy15732621629/article/details/76602241

Guess you like

Origin http://43.154.161.224:23101/article/api/json?id=325399412&siteId=291194637
Recommended
Ranking
error: (-215:Assertion failed) !_img.empty() in function ‘cv::imwrite‘
Database migration between Navicat servers
Minimum number of rotation of the array: Array
balenaEtcher for mac (make a boot disk software) v1.5.67
Custom processing serialization and deserialization in jackson
Mu-en-mask system development software
Mastering Regular Expressions
Find mileage Java--
Web pages can not directly concern the public micro-channel number how to do? A key to arouse public concern number of micro-channel solutions
[CodeForces - 739B] Alyona and a tree Tree + [difference] + bipartite
Daily
More
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)

Code World

© 2018 codetd.com