nginx https certificate settings

Nginx certificate deployment

Get a certificate

Obtain the SSL certificate file 1_www.domain.com_bundle.crt and the private key file 2_www.domain.com.key in the Nginx folder.
The 1_www.domain.com_bundle.crt file contains two certificate blocks, each delimited by "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----".
The 2_www.domain.com.key file contains one private key block, delimited by "-----BEGIN RSA PRIVATE KEY-----" and "-----END RSA PRIVATE KEY-----".

Certificate installation

Save the certificate file 1_www.domain.com_bundle.crt and the private key file 2_www.domain.com.key of the domain name www.domain.com to the same directory, for example, /usr/local/nginx/conf.
Update the conf/nginx.conf file in the Nginx root directory as follows:

    server {
        listen 443;
        server_name www.domain.com; # domain name the certificate is bound to
        ssl on; # obsolete since nginx 1.15.0, where "listen 443 ssl;" replaces it
        ssl_certificate 1_www.domain.com_bundle.crt;
        ssl_certificate_key 2_www.domain.com.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # configure the protocols as shown
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; # configure the cipher suites as shown
        ssl_prefer_server_ciphers on;
        location / {
            root   html; # site directory
            index  index.html index.htm;
        }
    }

After the configuration is complete, first run bin/nginx -t to test whether the configuration is correct. If it is correct, restart nginx. The site can then be accessed at https://www.domain.com.

Note:

Configuration file parameter description
listen 443: the SSL access port number is 443
ssl on: enables the SSL function
ssl_certificate: the certificate file
ssl_certificate_key: the private key file
ssl_protocols: the protocols used
ssl_ciphers: configures the cipher suites, written in the OpenSSL format
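
The directives described above can be checked mechanically before a reload. This Python audit is an added example, not code from the original page or from the nginx project; it flags "ssl on" (obsolete since nginx 1.15.0) and the TLSv1/TLSv1.1 protocols (deprecated by RFC 8996) in the server block shown earlier. The finding names, the audit and directives helpers, and the HARDENED_CONF variant (listen 443 ssl, TLSv1.2 and TLSv1.3 only) are assumptions made for illustration.

```python
import re

# Server block as given on this page, comments removed (sample input).
PAGE_CONF = """
server {
    listen 443;
    ssl on;
    ssl_certificate 1_www.domain.com_bundle.crt;
    ssl_certificate_key 2_www.domain.com.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
}
"""
# Constructed variant for comparison (an assumption, not from the page).
HARDENED_CONF = (PAGE_CONF.replace("listen 443;", "listen 443 ssl;")
                 .replace("    ssl on;\n", "")
                 .replace("TLSv1 TLSv1.1 TLSv1.2", "TLSv1.2 TLSv1.3"))
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996


def directives(conf):
    """Map directive name -> list of argument lists (flat, one per line)."""
    found = {}
    for line in conf.splitlines():
        m = re.match(r"\s*([a-z_]+)\s+([^;{]+);", line.split("#", 1)[0])
        if m:
            found.setdefault(m.group(1), []).append(m.group(2).split())
    return found


def audit(conf):
    """Return a sorted list of finding codes for one server block."""
    d, findings = directives(conf), set()
    ssl_on = ["on"] in d.get("ssl", [])
    if ssl_on:
        findings.add("ssl-on-obsolete")  # obsolete since nginx 1.15.0
    elif not any("ssl" in args for args in d.get("listen", [])):
        findings.add("tls-not-enabled")  # neither "ssl on" nor "listen ... ssl"
    for args in d.get("ssl_protocols", []):
        findings.update("deprecated-" + p for p in args if p in DEPRECATED)
    findings.update("missing-" + n for n in
                    ("ssl_certificate", "ssl_certificate_key") if n not in d)
    for args in d.get("ssl_ciphers", []):
        if "!aNULL" not in args[0].split(":"):
            findings.add("anull-not-excluded")  # anonymous suites allowed
    return sorted(findings)


if __name__ == "__main__":
    print(audit(PAGE_CONF), audit(HARDENED_CONF))
```

Running the same audit on conf/nginx.conf before bin/nginx -t catches settings that pass the syntax test but weaken the TLS configuration.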

Full-site encryption: automatically redirect HTTP to HTTPS (optional)

If users do not know that the website can be accessed over HTTPS, have the server automatically redirect HTTP requests to HTTPS.
To configure this on the server side, you can add a JS script to the page, write the redirect in the back-end program, or have the web server perform the redirect. Nginx supports rewrite (as long as pcre was not removed when compiling). Adding the following line to the HTTP server block redirects requests arriving on port 80 to HTTPS:

    rewrite ^(.*) https://$host$1 permanent;
