1, http to https upgrade
1.1, check Nginx supports SSL
/usr/local/nginx/sbin/nginx -V configure arguments中是否有--with-http_ssl_module 如: nginx version: nginx/1.13.4 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017 TLS SNI support enabled configure arguments: --with-http_ssl_module
1.2, add SSL module nginx
1 ) enter nginx installation directory execute: . / The configure --with- http_ssl_module then, be careful not to install the make the make 2 ) to perform a backup of the original script Nginx mv / usr / local / nginx / sbin / nginx / usr / local / nginx / sbin / nginx.old 3 ) the new version of Nginx build scripts into executable files under a directory cd objs / cp nginx / usr / local / nginx / sbin / 4 ) be a smooth upgrade make upgrade check that the installation was successful: / usr / local / nginx / sbin / nginx -V
1.3, modify the configuration nginx
cd /usr/local/nginx/conf
vim nginx.conf
server{ listen 88; listen 443 ssl; ssl on; ssl_certificate /etc/nginx/nginx.nopasswd.crt; ##证书.crt ssl_certificate_key /etc/nginx/nginx.nopasswd.key; ##证书.key server_name ****; error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } location / { try_files $uri $uri/ /index.html; root /var/www/test; index index.html index.htm; } location ~ /api/(.*)$ { proxy_pass http://****/$1?$query_string; proxy_set_header Host $http_host; proxy_set_header X-Forward-For $remote_addr; } }
Note: https SSL certificate needs to be to Tencent Ali clouds or cloud for a free version, valid for one year
2, supports both http and https which two request
server{ listen 88; listen 443 ssl; # ssl on; ssl_certificate /etc/nginx/nginx.nopasswd.crt; ssl_certificate_key /etc/nginx/nginx.nopasswd.key; ......
The ssl on; comment on it, which visit http 88 port, and visit https port 443 (default port 80 http, https port 443 by default)
3, http automatic steering https
nginx configuration of the new server configuration
{Server the listen 80 ; server_name your domain name; rewrite ^ $ HTTPS: (*.) // $ Host $ 1 Permanent; }