1. SSL in nginx
Configure nginx so that the web site is accessed over https. http uses port 80, https uses port 443.
https is essentially encrypted http.
2. Why encrypt?
Example: in an online bank transfer you enter your bank card password while moving your money. If the connection is not encrypted, the data is likely to be intercepted and cracked in transit.
If you use https, the data is encrypted in transit. Even if someone captures the packets, they cannot decrypt them.
Background:
http (version 1.1), http 2 (https)
3.0 How to configure ssl?
First check whether nginx was installed with yum or compiled from source.
3.1 nginx installed with yum already has the --with-http_ssl_module parameter
# nginx -V ## view the compile parameters
3.2 For a compiled installation, check whether --with-http_ssl_module is present (I compiled and installed nginx from source)
# /usr/local/nginx/sbin/nginx -V
3.3 If it is missing, recompile. Go to the extracted nginx source directory
# cd /usr/local/src/nginx-1.17.0/
3.4 Re-run configure with the new compile parameters
# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
3.5 After the above command finishes configuring, run make
# make
NOTE: Do not run make install, otherwise it will overwrite the existing installation
3.6 Stop nginx
# /etc/init.d/nginx stop
3.7 Overwrite the original nginx binary with the newly compiled one
# cp ./objs/nginx /usr/local/nginx/sbin/
3.8 Check that the compile parameters have taken effect
# /usr/local/nginx/sbin/nginx -V
4.0 How to obtain an ssl certificate?
Applying for a certificate:
Website: (Vorthong)
Free: freessl.cn
Here we use a free certificate.
Go to freessl.cn, register first, then enter the domain name you are applying for. This process requires adding a TXT record to prove that the site is yours.
freessl.cn will give you a TXT record.
Add it to your DNS.
Click verify; freessl.cn will then return the CA certificate, the certificate, and the key.
Now go back to linux and create the ssl directory
# mkdir /usr/local/nginx/conf/ssl/
Enter the ssl directory
# vim CA ## add the CA certificate generated in the browser
Edit the certificate file
# vim bbs.crt ## copy and paste the certificate
Edit the private key file
# vim bbs.key ## copy and paste the private key
Edit the conf configuration file
server {
    listen 443 ssl;
    index index.html index.htm index.php;
    root /data/wwwroot/bbs.centos.com;
    server_name bbs.centos.com;
    ssl_certificate /usr/local/nginx/conf/ssl/bbs.crt;
    ssl_certificate_key /usr/local/nginx/conf/ssl/bbs.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
Check the configuration syntax, then reload
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
Alternatively, it can be configured as
server {
    listen 443;
    index index.html index.htm index.php;
    root /data/wwwroot/bbs.centos.com;
    server_name bbs.centos.com;
    ssl on;
    ssl_certificate /usr/local/nginx/conf/ssl/bbs.crt;
    ssl_certificate_key /usr/local/nginx/conf/ssl/bbs.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
Restart nginx
# /etc/init.d/nginx restart
Check the listening ports
# netstat -lntp
5.0 Configure the firewall: on centos, port 443 also needs to be opened before the site can be accessed
# firewall-cmd --add-port=443/tcp --permanent ## permanently open port 443
# firewall-cmd --reload ## reload
Now access the domain name to see the result.
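
Added example (not part of the original tutorial): a small Python check that reads nginx server blocks like the two shown in section 4.0 and reports the `ssl on;` directive (obsolete since nginx 1.15.0, replaced by the ssl parameter of listen) and the TLSv1 / TLSv1.1 protocol versions, which RFC 8996 deprecates. The function names, finding codes and the third, hardened sample block are assumptions made for this example; the sample config is constructed from the tutorial's values.

```python
import re

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996

def server_blocks(conf):
    """Yield the body of every `server { ... }` block, tolerating a missing final brace."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1] if depth == 0 else conf[m.end():]

def directives(body):
    """Return {name: [args, ...]} for each `name args;` statement in a block body."""
    out = {}
    for stmt in re.sub(r"[{}]", ";", body).split(";"):
        words = stmt.split()
        if words:
            out.setdefault(words[0], []).append(words[1:])
    return out

def audit(conf):
    """Return (server_index, code, detail) findings for TLS-enabled server blocks."""
    findings = []
    conf = re.sub(r"#.*", "", conf)  # drop comments before parsing
    for n, body in enumerate(server_blocks(conf), 1):
        d = directives(body)
        legacy_ssl = ["on"] in d.get("ssl", [])
        if not (legacy_ssl or any("ssl" in a for a in d.get("listen", []))):
            continue  # plain-http server block, nothing to check
        if legacy_ssl:
            findings.append((n, "ssl-on", "use `listen 443 ssl;` instead of `ssl on;`"))
        protos = {p for args in d.get("ssl_protocols", []) for p in args}
        weak = sorted(protos & DEPRECATED)
        if weak:
            findings.append((n, "weak-protocol", " ".join(weak)))
    return findings

# Constructed sample: the tutorial's two server blocks plus a hardened variant.
SAMPLE = """
server { listen 443 ssl; server_name bbs.centos.com;
  ssl_certificate /usr/local/nginx/conf/ssl/bbs.crt;
  ssl_certificate_key /usr/local/nginx/conf/ssl/bbs.key;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2; }
server { listen 443; server_name bbs.centos.com; ssl on;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2; }
server { listen 443 ssl; server_name bbs.centos.com;
  ssl_protocols TLSv1.2 TLSv1.3; }  # TLSv1.3 needs OpenSSL 1.1.1 or later
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Only the third block passes without findings; it keeps `listen 443 ssl;` and limits ssl_protocols to TLSv1.2 and TLSv1.3.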