How to configure HTTPS in nginx

  • 2020-05-13 04:31:07
  • OfStack

With the ssl module, nginx can be configured to serve both HTTP and HTTPS.

1. Generate the certificate


# 1. Go to the directory where the certificate and private key will be created, for example:
cd /etc/nginx/

# 2. Create the server private key; the command prompts you for a passphrase.
#    Use at least 2048 bits; 1024-bit RSA keys are considered too weak for TLS.
openssl genrsa -des3 -out server.key 2048

# 3. Create the certificate signing request (CSR):
openssl req -new -key server.key -out server.csr

# 4. Remove the passphrase from the private key so that nginx with SSL support can load it without prompting.
#    The resulting server.key is unencrypted; keep it readable by root only.
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

# 5. Finally, sign the certificate with the private key and the CSR:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
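
A pre-deployment check for the files produced in step 1, as an added example that is not part of the original article: it confirms that the key loads without a passphrase, that the certificate was issued for that key, that the key is at least 2048 bits, and that the certificate is not about to expire. The function name check_pair and the 30-day expiry window are assumptions.

```shell
#!/bin/sh
# Added example: sanity checks for a key/certificate pair before nginx loads it.
# check_pair KEY CRT [MIN_BITS]   (check_pair is a hypothetical helper name)
# Returns 0 if all checks pass, otherwise 1-4 for the first failed check.
check_pair() {
    key=$1; crt=$2; min_bits=${3:-2048}

    # 1. Key must load without a passphrase: nginx cannot prompt on reload.
    #    "-passin pass:" supplies an empty passphrase so openssl never waits for input.
    openssl rsa -in "$key" -passin pass: -noout 2>/dev/null </dev/null ||
        { echo "FAIL: $key is passphrase-protected or not an RSA key"; return 1; }

    # 2. Certificate must contain the public key that belongs to this private key.
    key_pub=$(openssl rsa -in "$key" -passin pass: -pubout 2>/dev/null | openssl sha256)
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null | openssl sha256)
    [ "$key_pub" = "$crt_pub" ] ||
        { echo "FAIL: $crt was not issued for $key"; return 2; }

    # 3. Key length, parsed from the "Private-Key: (N bit ...)" line.
    bits=$(openssl rsa -in "$key" -passin pass: -noout -text 2>/dev/null |
           sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p')
    [ "${bits:-0}" -ge "$min_bits" ] ||
        { echo "FAIL: key is ${bits:-?} bits, need at least $min_bits"; return 3; }

    # 4. Certificate must stay valid for the next 30 days (2592000 seconds).
    openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null 2>&1 ||
        { echo "FAIL: $crt expires within 30 days or is unreadable"; return 4; }

    echo "OK: $key and $crt match ($bits-bit key)"
}

# Run directly as: sh check_pair.sh server.key server.crt
if [ "$#" -ge 2 ]; then check_pair "$@"; fi
```
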

2. Configure nginx


cd /etc/nginx
vim nginx.conf
#
# HTTPS server configuration
#
server {
  # "listen ... ssl" replaces the obsolete "ssl on;" directive
  listen    443 ssl;
  server_name  <IP address of this machine>;

  ssl_certificate   /etc/nginx/server.crt;
  ssl_certificate_key /etc/nginx/server.key;

  ssl_session_timeout 5m;

  # Allow only current TLS versions; SSLv2, SSLv3 and export/low-strength ciphers are insecure.
  # (TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+)
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers  on;

  location / {
    #root  html;
    #index testssl.html index.html index.htm;
    # Forward HTTPS requests to the backend and pass on the original host and client address
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://<IP address>/ssl/;
  }
}

Restart nginx and enter https://<IP address> in the browser; the request is forwarded to http://<IP address>/ssl/ (adjust this later to the web service interface address).

3. StartSSL: a free SSL certificate trusted by browsers

Like VeriSign, StartSSL (address: http://www.startssl.com, company name: StartCom) is also a CA. Its root certificate has long been supported by several browsers with open-source backgrounds (Firefox, Google Chrome, Apple Safari, etc.). The major browser vendors have since stopped trusting StartCom's roots and StartCom no longer issues certificates, so a browser-trusted certificate now has to be obtained from another CA.

4. As required by the project, redirect requests for the /services/ directory from http to https (solution: nginx rewrite + location)


location ~ /services/.*$ {
    # Redirect only requests that arrived on the plain-HTTP port
    if ($server_port = 80) {
      rewrite ^/(.*)$ https://<IP address>/$1 permanent;
    }
  }

5. After the configuration is finished and uploaded, test it with nginx -t, reload the nginx service, and check that port 443 is listening


/usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful    (this output indicates that there are no errors in the configuration file)

service nginx reload    (reload the nginx service)
netstat -lan | grep 443    (check port 443)
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN    (seeing this line means HTTPS is already working)
