Steps for upgrading to HTTPS under Nginx

  • 2020-05-17 07:43:19
  • OfStack

Purchase a certificate

You can buy one from the Alibaba Cloud certificate service (Cloud Shield).

Download the certificate

Download the Nginx version of the certificate from the certificate console. After unzipping, the downloaded archive contains:

  • .pem file: the certificate file
  • .key file: the certificate's private key file (not included if you did not choose to have the CSR created automatically when applying for the certificate)

Configure Nginx

1. Create the cert directory in the installation directory of Nginx, and copy all the downloaded files into the cert directory. If you created the CSR file when you applied for the certificate, please put the corresponding private key file into the cert directory.

2. Open the nginx.conf file in the conf directory under the Nginx installation directory


#user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid    logs/nginx.pid;

events {
  worker_connections 1024;
}

http {
  include    mime.types;
  default_type application/octet-stream;

  #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
  #         '$status $body_bytes_sent "$http_referer" '
  #         '"$http_user_agent" "$http_x_forwarded_for"';

  #access_log logs/access.log main;

  sendfile    on;
  #tcp_nopush   on;

  #keepalive_timeout 0;
  keepalive_timeout 65;

  gzip on;  # enable gzip
  gzip_min_length 1k; # resources smaller than 1 KB are not compressed
  gzip_comp_level 3; # compression level 1-9; a higher level compresses more but consumes more CPU, a value around 4 is recommended
  gzip_types text/plain application/javascript application/x-javascript text/javascript text/xml text/css; # response types to compress, separated by spaces. Compressing images is not recommended, and we'll talk about why.
  gzip_disable "MSIE [1-6]\."; # condition under which gzip is disabled (regex supported); here gzip is not enabled for IE6 and below, because older IE versions do not support it
  gzip_vary on; # whether to add the "Vary: Accept-Encoding" response header

  server {
    listen    80 default backlog=2048; # keep HTTP available
    listen    443 ssl; # enable HTTPS
    server_name localhost;

    ssl_certificate   ../cert/hzzly.pem; # certificate file
    ssl_certificate_key ../cert/hzzly.key; # private key file

    ssl_session_cache  shared:SSL:1m;
    ssl_session_timeout 5m;

    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
      root  /home/hzzly;
      index index.html index.htm;
    }

    # location ^~ /apis/ {
    #   proxy_set_header Host $host;
    #   proxy_set_header X-Real-IP $remote_addr;
    #   proxy_set_header X-Forwarded-Server $host;
    #   # match any request starting with /apis/ and stop matching other locations
    #   proxy_pass http://xxxxxxxxxx/;
    # }

    # location ^~ /assets/ {
    #   gzip_static on;
    #   expires max;
    #   add_header Cache-Control public;
    # }
  }
}

3. Restart Nginx


$ cd /usr/local/nginx/sbin
$ ./nginx -s reload
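
The server block in step 2 answers on ports 80 and 443 alike, so plain-HTTP requests are still served unencrypted. As an added example (not part of the original article), the variant below replaces that single server block with two: one that only redirects port 80 to HTTPS, and one that serves the site over TLS with the accepted protocol versions pinned. `example.com` is a placeholder for the name on your certificate, and the HSTS header is an optional addition.

```nginx
# Added example: place inside http { } instead of the single server { } block.

# Port 80 no longer serves content; it only redirects to HTTPS.
server {
    listen      80 default_server backlog=2048;
    server_name example.com;              # placeholder: the name on the certificate
    # Redirect to a fixed name rather than echoing the client's Host header.
    return 301 https://example.com$request_uri;
}

server {
    listen      443 ssl;
    server_name example.com;              # placeholder

    ssl_certificate     ../cert/hzzly.pem;   # same files as in step 2
    ssl_certificate_key ../cert/hzzly.key;

    # nginx 1.16 accepts TLSv1, TLSv1.1 and TLSv1.2 by default;
    # list only the versions you intend to accept.
    # TLSv1.3 takes effect only when nginx is built against OpenSSL 1.1.1 or later.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers   HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    ssl_session_cache   shared:SSL:1m;
    ssl_session_timeout 5m;

    # Optional: once HTTPS is confirmed working, tell browsers to use
    # HTTPS only for this host for the next year.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        root  /home/hzzly;
        index index.html index.htm;
    }
}
```

Run `./nginx -t` before reloading to confirm the file parses and the certificate and key load.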

Errors

1. If the Nginx SSL module is not enabled, configuring HTTPS produces this error:

nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in ...

Enable the SSL module in Nginx

Switch to the source directory:


$ cd /usr/local/src/nginx-1.16.0

Run configure again with the new parameters:


$ ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module

When configure completes, run make:


$ make   # do not run make install here, otherwise it will overwrite the existing installation

Back up the originally installed nginx binary:


$ cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak

Overwrite it with the nginx you just compiled:


$ cp ./objs/nginx /usr/local/nginx/sbin/

Restart Nginx


$ cd /usr/local/nginx/sbin
$ ./nginx -s reload
