Complete process for configuring HTTPS on a website (Nginx)

Configure the site to use HTTPS and redirect http to https.

1. Install the nginx ssl module

Check whether nginx has the http_ssl_module module installed:

$ /usr/local/nginx/sbin/nginx -V

If the output contains configure arguments: --with-http_ssl_module, the module is already installed (the steps below can be skipped; go straight to the nginx.conf configuration).

Download the nginx installation package: http://nginx.org/download/nginx-1.14.1.tar.gz

# Download the package to the src directory

$ cd /usr/local/src

$ wget http://nginx.org/download/nginx-1.14.1.tar.gz

Extract the installation package

$ tar -zxvf nginx-1.14.1.tar.gz

Configure the ssl module

$ cd nginx-1.14.1

$ ./configure --prefix=/usr/local/nginx --with-http_ssl_module

Compile with the make command (using make install would re-install nginx); an objs folder will now appear in the current directory.

Overwrite the current nginx binary with the newly built nginx file.

$ cp ./objs/nginx /usr/local/nginx/sbin/

Check the installed modules again (configure arguments: --with-http_ssl_module indicates that the ssl module is installed).

$ /usr/local/nginx/sbin/nginx -V

 nginx version: nginx/1.14.1

...

configure arguments: --with-http_ssl_module

2. ssl certificate deployment

This guide uses Alibaba Cloud's free certificate, which is valid for one year. Apply at https://common-buy.aliyun.com/?spm=5176.2020520154.0.0.45d356a7FlPIts&commodityCode=cas#/buy (if you need a longer period or a different certificate type, you may need to purchase one; Alibaba Cloud promotions and cart coupons are offered here (https://promotion.aliyun.com/ntms/act/shoppingcart.html?userCode=znftgj11) ~).

  • Download the issued ssl certificate archive and extract the zip file locally (it contains the pem and key files; the file names can be changed).
  • In the nginx directory, create a new cert folder to store the certificate files.

$ cd /usr/local/nginx

$ mkdir cert

Upload the two extracted files to the server's cert directory.

Here they are uploaded to the server with the scp command from a Mac terminal:

$ scp /Users/yourname/Downloads/ssl.pem [email protected]:/usr/local/nginx/cert/

$ scp /Users/yourname/Downloads/ssl.key [email protected]:/usr/local/nginx/cert/

3. nginx.conf Configuration

Edit the  /usr/local/nginx/conf/nginx.conf configuration file:

Configure the https server.

Comment out the previous http server configuration and add an https server:

server {

    # Listen on port 443 with ssl enabled; ssl here is the ssl module installed above

    listen       443 ssl;

    # Domain names; separate multiple names with spaces

    server_name  baidu.com www.baidu.com;



    # ssl certificate location

    ssl_certificate /usr/local/nginx/cert/ssl.pem;  # path to the pem file

    ssl_certificate_key /usr/local/nginx/cert/ssl.key;  # path to the key file



    # ssl verification settings

    ssl_session_timeout 5m; # session cache lifetime

    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; # cipher suites

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # allowed TLS protocol versions (TLSv1 and TLSv1.1 are deprecated by RFC 8996; remove them unless legacy clients need them)

    ssl_prefer_server_ciphers on;  # prefer the server's cipher order

 

    location / {

        root   html;

        index  index.html index.htm;

    }

}

 

Redirect http to https

server {

    listen       80;

    server_name  baidu.com www.baidu.com;

    return 301 https://$server_name$request_uri;

}
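
The two settings in this configuration that are easiest to get wrong are the protocol list and the permissions on the uploaded private key. The following is an added example, not part of the original post: a small POSIX shell check to run before restarting. The function name audit_nginx_tls is hypothetical, and it assumes one directive per line and absolute key paths, as in the configuration above.

```sh
#!/bin/sh
# Added example, not from the original post. audit_nginx_tls is a
# hypothetical helper; it assumes one directive per line and absolute paths.
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
audit_nginx_tls() {
    conf=$1
    # Strip comments so commented-out directives are not reported.
    active=$(sed 's/#.*$//' "$conf")

    # 1. ssl_protocols lines that still enable SSLv3, TLSv1 or TLSv1.1
    #    (TLS 1.0 and 1.1 are deprecated by RFC 8996).
    weak=$(printf '%s\n' "$active" |
        grep -E '^[[:space:]]*ssl_protocols[[:space:]]' |
        grep -E '[[:space:]](SSLv3|TLSv1|TLSv1\.1)([[:space:]]|;)' |
        sed 's/^[[:space:]]*/WEAK_PROTOCOL: /' || true)

    # 2. Every file named by ssl_certificate_key must exist and must carry
    #    no permission bits for group or others (e.g. mode 600 or 400).
    keys=$(printf '%s\n' "$active" | sed -n \
        's/^[[:space:]]*ssl_certificate_key[[:space:]]\{1,\}\([^;[:space:]]*\).*/\1/p')
    keyfindings=
    for key in $keys; do
        if [ ! -f "$key" ]; then
            keyfindings="${keyfindings}MISSING_KEY: $key
"
        elif [ "$(ls -ldL "$key" | cut -c5-10)" != "------" ]; then
            keyfindings="${keyfindings}KEY_PERMS: $key
"
        fi
    done

    report=$(printf '%s\n%s' "$weak" "$keyfindings" | sed '/^$/d')
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}
```

Call it as audit_nginx_tls /usr/local/nginx/conf/nginx.conf; with the configuration exactly as shown above it reports the ssl_protocols line. Running /usr/local/nginx/sbin/nginx -t afterwards checks the file's syntax before the restart.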

4. Restart nginx

$ /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf

If port 80 is occupied, end the process with kill [id]:

# View port usage

$ netstat -lntp

 

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      21307/nginx: master

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      3072/sshd           

tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      21307/nginx: master 

 

# End the process on port 80

$ kill 21307

 

Start nginx again:

$ /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf

If no messages are printed, it succeeded ~

 


Origin www.cnblogs.com/ruoyu818/p/10937443.html