Nginx: configuring one domain name with multiple ports over HTTPS

Summary

Usage notes: This document describes the Nginx HTTPS configuration in detail. The scenario is a server with only one domain name that listens on multiple ports, with each port configured to serve requests over HTTPS.

Explanation

Let’s first talk about the difference between HTTP and HTTPS

HTTP (Hypertext Transfer Protocol) and HTTPS (Secure HTTP) are two different protocols used to transfer data between client and server. The main difference between them is security. The differences are as follows.

  1. Security: HTTP is a cleartext protocol. Data is sent unencrypted during transmission and can easily be eavesdropped on and tampered with. HTTPS encrypts communications using the TLS (Transport Layer Security) protocol to ensure the confidentiality and integrity of data in transit. HTTPS uses public key encryption and private key decryption to make data more secure during transmission.

  2. Data transfer method: HTTP uses port 80 by default, while HTTPS uses port 443 by default. HTTP data transfer is usually faster than HTTPS, because HTTPS has to encrypt and decrypt, which adds computational load and transmission latency.

  3. Certificate requirements: To use HTTPS on your website, you need to obtain and install an SSL/TLS certificate. This is a digital certificate issued by a legitimate, accredited Certificate Authority (CA) to verify the identity of the server. HTTP does not require certificates.

  4. SEO (Search Engine Optimization): Search engines generally prefer secure HTTPS sites, which are more likely to rank better in search results. Therefore, using HTTPS can improve the visibility and credibility of the website.

At this point we understand why the HTTPS protocol is used to send requests: it is relatively safer. Safety must be the first priority.

As mentioned above, the SSL/TLS certificate has to be applied for by the person responsible. We only need to obtain the issued certificate to proceed.

Add the SSL certificate

Once we have the SSL certificate, go to the nginx directory, create a new folder named cert (mkdir cert), and upload the certificate files to this folder. There are usually two: a .key file and a .pem file.

Configure nginx.conf

1. Find where nginx is installed with the command:

whereis nginx

2. Switch to the /nginx/conf directory

3. Configure nginx to use the HTTPS protocol

To listen on port 443, configure it as follows. The added server block goes inside http {}.

server {
        listen       443 ssl; # the ssl parameter is required
        server_name  xxx.com.cn; # may be a domain name or an IP address
        #charset koi8-r;

        #access_log  logs/host.access.log  main;
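        root      /var/www/html/test/web;  # directory nginx serves files from
        index     index.html index.htm; # default index files

        # Set the maximum upload (request body) size
        client_max_body_size 100m;

        # SSL/TLS configuration
        ssl_certificate /usr/local/nginx/cert/xxx.pem; # path to the SSL certificate
        ssl_certificate_key /usr/local/nginx/cert/xxx.key; # path to the certificate's private key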
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;

       location / {
            try_files $uri $uri/ /index.php$is_args$args; # pseudo-static URL rewriting
            #proxy_pass        http://127.0.0.1:8082; # dynamic forwarding (reverse proxy)
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /var/www/html/test/web;
        }

    }

To listen on several ports for this domain name, all over HTTPS, copy the configuration above beneath it and change the port number. I have tested this and it works. For example, I listen on 8081 and 8082:

server {
        listen       8081 ssl;
        server_name  xxx.com.cn;
        #charset koi8-r;

        #access_log  logs/host.access.log  main;
        root      /var/www/html/test/web;
        index     index.html index.htm;

        # Set the maximum upload (request body) size
        client_max_body_size 100m;

        ssl_certificate /usr/local/nginx/cert/xxx.pem;
        ssl_certificate_key /usr/local/nginx/cert/xxx.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;

       location / {
            try_files $uri $uri/ /index.php$is_args$args;
            #proxy_pass        http://127.0.0.1:8082;
        }


        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /var/www/html/test/web;
        }

    }
    server {
        listen       8082 ssl;
        server_name  xxx.com.cn;
        #charset koi8-r;

        #access_log  logs/host.access.log  main;
        root      /var/www/html/test/web;
        index     index.html index.htm;

        # Set the maximum upload (request body) size
        client_max_body_size 100m;
         
        ssl_certificate /usr/local/nginx/cert/xxx.pem;
        ssl_certificate_key /usr/local/nginx/cert/xxx.key;

        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;

       location / {
            try_files $uri $uri/ /index.php$is_args$args;
            #proxy_pass        http://127.0.0.1:8082;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /var/www/html/test/web;
        }

    }
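
The three copied server blocks above can also be written as one block with three listen directives, so the certificate and TLS settings live in one place. This is an added example, not the original author's configuration. It restricts ssl_protocols to TLSv1.2 and TLSv1.3 because TLS 1.0 and 1.1 are deprecated (RFC 8996). Assumptions: TLSv1.3 needs nginx 1.13.0 or later built against OpenSSL 1.1.1 or later, and the error_page 497 redirect is an addition not present in the article.

```nginx
# Added example: one server block serving HTTPS on 443, 8081 and 8082.
# server_name and all paths are the placeholders used in the article.
server {
    listen       443 ssl;
    listen       8081 ssl;
    listen       8082 ssl;
    server_name  xxx.com.cn;

    root   /var/www/html/test/web;
    index  index.html index.htm;

    client_max_body_size 100m;

    ssl_certificate      /usr/local/nginx/cert/xxx.pem;
    # The private key should be readable only by the user that starts nginx.
    ssl_certificate_key  /usr/local/nginx/cert/xxx.key;
    ssl_session_timeout  5m;

    # Weak setting in the article:  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # Corrected: drop the deprecated TLS 1.0 and 1.1.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Cipher string unchanged from the article.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    # A plain-HTTP request sent to an ssl port (for example
    # http://xxx.com.cn:8081/) raises nginx's internal 497 status.
    # Redirect it to HTTPS on the same port instead of returning 400.
    error_page 497 =301 https://$host:$server_port$request_uri;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /var/www/html/test/web;
    }
}
```

Run nginx -t to validate the syntax before reloading with nginx -s reload.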

 


Origin blog.csdn.net/m0_52985087/article/details/132313975