Alibaba Cloud Nginx configures ssl, nginx opens https, and cannot access

Language 2023-09-06 03:37:20 views: null

1. Problem description

I have configured ssl with nginx. After configuring it, I can’t access it through https. After not configuring it, it’s fine.

Two, the solution

1. Make sure that http can be accessed normally before configuration-【Exclude nginx problems】
2. Check whether nginx has installed ssl module
Enter the sbin directory of the directory and enter

#注意这里是大写的V,小写的只显示版本号
./nginx -V

If there is –with-http_ssl_module, it means that the ssl module has been installed, otherwise recompile and install the ssl module.
3. Check whether the firewall is enabled, and if it is enabled, whether the corresponding port is opened.
4. After configuring the certificate and restarting nginx, it cannot be accessed - [there is a problem with the configuration file].
5. Check whether port 443 is enabled in the security group of Alibaba Cloud to allow access.
insert image description here
Basically, most of the above problems are caused by the 4 and 5 points. I came up with the third point. I checked a few configuration files, and there was nothing wrong with it. Through nginx -t, the return is also correct. After restarting, I can’t access it through https. Finally, I repeatedly compared the configuration to find out the problem. The official Here is how to configure ssl in nginx: https://help.aliyun.com/document_detail/98728.html?spm=5176.14113079.help.6.4b3b56a7ZRm3O0

The key configuration is as follows:

	server {
    
    
		listen 80;
		server_name www.xxx.com;
        location / {
    
    
            proxy_pass  http://127.0.0.1:8087; # 转发规则
            proxy_set_header Host $proxy_host; # 修改转发请求头,让8080端口的应用可以受到真实的请求
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
	}
	
	server {
    
    
		listen 443 ssl;#监听https 443时需加ssl
		server_name www.xxx.com; #你的域名
		ssl_certificate   ../cert/5947977_www.xxx.com.pem;
        ssl_certificate_key  ../cert/5947977_www.xxx.com.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
		
        location / {
    
    
            proxy_pass  http://127.0.0.1:8087;
        }
	}

I had a problem with configuring 443. I didn't add ssl after 443 at the beginning, and I couldn't access it anyway. Just add a restart after it. .

Guess you like

Origin blog.csdn.net/mashangzhifu/article/details/118708400
Recommended
Rushing to the GitHub hot list——How can open source programming languages and frameworks be so cute?
Beijing Humanoid Robot Innovation Center launches Tiangong, the world's first full-size humanoid robot with purely electric drive for anthropomorphic running
Ranking
8个无需编写代码即可使用 Python 内置库的方法
Java collections interview knowledge Lite
Machine learning algorithms foundation - Introduction a (watermelon materials for the book)
(Easy) Ransom Note - LeetCode
[Five days] Qt from entry to actual combat: the second day
Remember once extremely pit father can not download Maven Jar package of issues: IDEA question
The minimum cost Shortest
OSPF study map (the most complete version)
Network Takeaways
GnuPG
Daily
More
2024-04-27(29)
2024-04-26(22)
2024-04-25(32)
2024-04-24(30)
2024-04-23(30)
2024-04-22(5)
2024-04-21(0)
2024-04-20(6)
2024-04-19(5)
2024-04-18(0)

Code World

© 2018 codetd.com