Of Stack

nginx ssl password free restart tutorial details

  • 2020-05-12 06:57:56
  • OfStack

1. How to start nginx

1. Differences between HTTP and HTTPS

For the https protocol, you need to apply for the certificate from ca. Generally, there are few free certificates and you need to pay for them.

http is the hypertext transmission protocol, the information is transmitted in clear text, and https is the encrypted transmission protocol ssl with security.

http and https use completely different connections and different ports: the former is 80 and the latter is 443.

The http connection is simple and stateless; HTTPS protocol is a network protocol constructed by SSL+HTTP protocol for encrypted transmission and identity authentication, which is more secure than http protocol.

So HTTPS is a good choice when it comes to interacting with sensitive information such as accounts and money.

2. Apply for certificates

The process of applying for an SSL certificate goes beyond that. Quite simply, this article focuses on configuring ssl certificates on nginx for https access.

Upload the key and certificate to the server.

3. nginx configuration

The following code 


server {
listen 443;
#listen [::]:80;
server_name passport.ddhigh.com;
index index.html index.htm index.php default.html default.htm default.php;
root /home/wwwroot/passport.ddhigh.com;
include other.conf;
#error_page 404 /404.html;
location ~ [^/]\.php(/|$)
{
# comment try_files $uri =404; to enable pathinfo
try_files $uri =404;
fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_index index.php;
include fastcgi.conf;
#include pathinfo.conf;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
ssl on;
ssl_certificate /root/crt/server.crt;
ssl_certificate_key /root/crt/server.key;
access_log /home/wwwlogs/passport.ddhigh.com.log access;
}

/root/crt is my certificate directory, you can change it according to your actual situation.

2. nginx ssl password-free restart

After setting ssl, you need to manually enter the certificate password every time you restart nginx, which is very troublesome, and the output will be restarted once more.

Using openssl, you can convert a private key with a password into a private key without a password. 


openssl rsa -in server.key -out server.key.nopassword

When configuring nginx, configure the path of server.key to server.key.nopassword.

Related articles: