How to upgrade https under Nginx

Purchase Certificate

You can purchase it from Alibaba Cloud's Cloud Shield Certificate Service

Download Certificate

Download the Nginx version certificate in the Certificate Console. The compressed file package downloaded to the local computer contains:

.pem file: certificate file
.key file: the private key file of the certificate (if you did not select Automatically create CSR when applying for the certificate, there will be no such file)

Configure Nginx

1. Create a cert directory in the Nginx installation directory and copy all downloaded files to the cert directory. If you created a CSR file yourself when applying for a certificate, please put the corresponding private key file in the cert directory.

2. Open the nginx.conf file in the conf directory under the Nginx installation directory

#user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

events {
  worker_connections 1024;
}

http {
  include mime.types;
  default_type application/octet-stream;

  #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
  # '$status $body_bytes_sent "$http_referer" '
  # '"$http_user_agent" "$http_x_forwarded_for"';

  #access_log logs/access.log main;

  sendfile on;
  #tcp_nopush on;

  #keepalive_timeout 0;
  keepalive_timeout 65;

  gzip on; #Enable gzip
  gzip_min_length 1k; #Resources below 1kb are not compressed gzip_comp_level 3; #Compression level [1-9]. The higher the compression level, the higher the compression rate, but also consumes more CPU resources. It is recommended to set it to around 4.
  gzip_types text/plain application/javascript application/x-javascript text/javascript text/xml text/css; #Which response types of resources need to be compressed, separated by multiple spaces. It is not recommended to compress images. We will explain why below.
  gzip_disable "MSIE [1-6]\."; #Configure the conditions for disabling gzip, supporting regular expressions. This means that gzip is not enabled for IE6 and below (because lower versions of IE do not support it)
  gzip_vary on; #Whether to add "Vary: Accept-Encoding" response header server {
    listen 80 default backlog=2048; #Configure http available listen 443 ssl; #Configure https
    server_name localhost;

    ssl_certificate ../cert/hzzly.pem; #Configure certificate file ssl_certificate_key ../cert/hzzly.key; #Configure private key file ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
      root /home/hzzly;
      index index.html index.htm;
    }

    # location ^~ /apis/ {
    # proxy_set_header Host $host;
    # proxy_set_header X-Real-IP $remote_addr;
    # proxy_set_header X-Forwarded-Server $host;
    # # Match any request starting with /apis/ and stop matching other locations
    # proxy_pass http://xxxxxxxxxx/;
    # }

    # location ^~ /assets/ {
    # gzip_static on;
    # expires max;
    # add_header Cache-Control public;
    # }
  }
}

3. Restart Nginx

$ cd /usr/local/nginx/sbin
$ ./nginx -s reload

Error details

1. If the SSL module is not enabled in Nginx, an error message will appear when configuring Https

nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in ...

Nginx enables SSL module

Switch to the source package:

$ cd /usr/local/src/nginx-1.16.0

Modify the new configure parameters

$ ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module

After the configuration is complete, run the command

$ make //Do not perform make install here, otherwise it will overwrite the installation

Back up the original installed nginx

$ cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak

Overwrite the original nginx with the newly compiled nginx

$ cp ./objs/nginx /usr/local/nginx/sbin/

Restart Nginx

$ cd /usr/local/nginx/sbin
$ ./nginx -s reload

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.

You may also be interested in:

WeChat Mini Program Server Environment Configuration Details (SSL, Nginx HTTPS, TLS 1.2 Upgrade)

<<: Analyze the difference between ES5 and ES6 apply

>>: Detailed explanation on how to avoid the pitfalls of replacing logical SQL in MySQL

Install Jenkins with Docker and solve the problem of initial plugin installation failure

How to upgrade https under Nginx

Install Jenkins with Docker and solve the problem of initial plugin installation failure

How to implement multiple parameters in el-dropdown in ElementUI

Simple steps to write custom instructions in Vue3.0

Several methods and advantages and disadvantages of implementing three-column layout with CSS

Using HTML web page examples to explain the meaning of the head area code

Serial and parallel operations in JavaScript

Sublime / vscode quick implementation of generating HTML code

Thoughts and experience sharing on interactive design of reading lists for information products

HTML Basics: HTML Content Details

WeChat applet implements search function and jumps to search results page

Recommend

Comprehensive analysis of optimistic locking, pessimistic locking and MVCC in MySQL

4 ways to modify MySQL root password (summary)

Detailed explanation of incompatible changes of components in vue3

The whole process record of vue3 recursive component encapsulation

A brief discussion on the efficiency of MySQL subquery union and in

How to monitor Tomcat using LambdaProbe

Detailed explanation of the reasons and optimizations for the large offset affecting performance during MySQL query

How many times will multiple setStates in React be called?

Solution to MySQL replication failure caused by disk fullness

Usage of mysql timestamp

Analysis of MySql index usage strategy

MySQL data migration using MySQLdump command

MySQL database advanced query and multi-table query

How to change the root user's password in MySQL

Summary of MySql storage engine and index related knowledge