First, the difference Http and Https of
HTTP: is the most widely used on the Internet a network protocol is a client and server side request and response standard (TCP), for transmission from the WWW server to the local hypertext browser transport protocol, it can make the browser more efficient, so that network traffic is reduced.
HTTPS: HTTP is safe for the target channel, simply, is a safe version of HTTP, HTTP added SSL layer, HTTPS security infrastructure is SSL, encryption and therefore the details will need to SSL. The main role of the HTTPS protocol can be divided into two types: one is to establish a channel of information security, to ensure the security of data transmission; the other is to confirm the authenticity of the site.
The main difference between HTTPS and HTTP as follows:
- 1, https protocol ca need to apply for a certificate, generally less free certificates, thus requiring a fee.
- 2, http is the hypertext transfer protocol, information is transmitted in the clear, https is encrypted with a security ssl transfer protocol.
- 3, http and https use is completely different connections, with the port are not the same, the former is 80, which is 443.
- 4, http connection is very simple, is stateless; is constructed by the HTTPS protocol SSL + HTTP encrypted transmission protocol, a network authentication protocol, the http protocol than security.
Second, the use openssl to generate a certificate
openssl SSL is the most popular password database tool that provides a common, robust, full-featured suite of tools to support the achievement of SSL / TLS protocol.
Manual issued
xshell login server, use openssl to generate RSA keys and certificates, such as to generate: / usr / local / ssl
openssl req -x509 -nodes -days 36500 -newkey rsa:2048 -keyout /usr/local/ssl/nginx.key -out /usr/local/ssl/nginx.crt
The generated certificate into the same directory nginx configuration file;
nginx configuration
Edit the nginx configuration file nginx.conf, add the https protocol
server { listen 443 ssl; server_name www.nginx.com; ssl_certificate /usr/local/ssl/nginx.key; ssl_certificate_key /usr/local/ssl/nginx.crt; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; # Disable server version appears in the header, the version to prevent hackers use exploits server_tokens off; # If the station is full HTTPS and HTTP is not considered, you can join HSTS tell your browser on this website the station's encryption and mandatory access with HTTPS fastcgi_param HTTPS on; fastcgi_param HTTP_SCHEME https; access_log /usr/local/nginx/logs/httpsaccess.log; }
Restart Nginx
own SSL certificate issued to carry out encrypted transmission function, but the browser does not trust, it will prompt: