How to upgrade https under Nginx
|
Purchase Certificate You can purchase it from Alibaba Cloud's Cloud Shield Certificate Service Download Certificate Download the Nginx version certificate in the Certificate Console. The compressed file package downloaded to the local computer contains:
Configure Nginx 1. Create a cert directory in the Nginx installation directory and copy all downloaded files to the cert directory. If you created a CSR file yourself when applying for a certificate, please put the corresponding private key file in the cert directory. 2. Open the nginx.conf file in the conf directory under the Nginx installation directory
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip on; #Enable gzip
gzip_min_length 1k; #Resources below 1kb are not compressed gzip_comp_level 3; #Compression level [1-9]. The higher the compression level, the higher the compression rate, but also consumes more CPU resources. It is recommended to set it to around 4.
gzip_types text/plain application/javascript application/x-javascript text/javascript text/xml text/css; #Which response types of resources need to be compressed, separated by multiple spaces. It is not recommended to compress images. We will explain why below.
gzip_disable "MSIE [1-6]\."; #Configure the conditions for disabling gzip, supporting regular expressions. This means that gzip is not enabled for IE6 and below (because lower versions of IE do not support it)
gzip_vary on; #Whether to add "Vary: Accept-Encoding" response header server {
listen 80 default backlog=2048; #Configure http available listen 443 ssl; #Configure https
server_name localhost;
ssl_certificate ../cert/hzzly.pem; #Configure certificate file ssl_certificate_key ../cert/hzzly.key; #Configure private key file ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root /home/hzzly;
index index.html index.htm;
}
# location ^~ /apis/ {
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-Server $host;
# # Match any request starting with /apis/ and stop matching other locations
# proxy_pass http://xxxxxxxxxx/;
# }
# location ^~ /assets/ {
# gzip_static on;
# expires max;
# add_header Cache-Control public;
# }
}
}
3. Restart Nginx $ cd /usr/local/nginx/sbin $ ./nginx -s reload Error details 1. If the SSL module is not enabled in Nginx, an error message will appear when configuring Https
Nginx enables SSL module Switch to the source package: $ cd /usr/local/src/nginx-1.16.0 Modify the new configure parameters $ ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module After the configuration is complete, run the command $ make //Do not perform make install here, otherwise it will overwrite the installation Back up the original installed nginx $ cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak Overwrite the original nginx with the newly compiled nginx $ cp ./objs/nginx /usr/local/nginx/sbin/ Restart Nginx $ cd /usr/local/nginx/sbin $ ./nginx -s reload The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM. You may also be interested in:
|
<<: Analyze the difference between ES5 and ES6 apply
>>: Detailed explanation on how to avoid the pitfalls of replacing logical SQL in MySQL
Recommend
jQuery framework implements three animation methods of element display and hiding
Table of contents 1. Display and hide by default ...
Pycharm2017 realizes the connection between python3.6 and mysql
This article shares with you how to connect pytho...
How to develop uniapp using vscode
Because I have always used vscode to develop fron...
Record a slow query event caused by a misjudgment of the online MySQL optimizer
Preface: I received crazy slow query and request ...
How to modify the root password of mysql under Linux
Preface The service has been deployed on MySQL fo...
A simple example of how to implement fuzzy query in Vue
Preface The so-called fuzzy query is to provide q...
Steps to set up and mount shared folders on Windows host and Docker container
Programs in Docker containers often need to acces...
Pure CSS to achieve a single div regular polygon transformation
In the previous article, we introduced how to use...
HTML Several Special Dividing Line Effects
1. Basic lines 2. Special effects (the effects ar...
Detailed explanation of VUE Token's invalidation process
Table of contents Target Thought Analysis Code la...
How to implement scheduled backup and incremental backup of uploaded files in Linux
introduce If you are using an OSS storage service...
Docker image import and export code examples
Import and export of Docker images This article i...
Build a file management system step by step with nginx+FastDFS
Table of contents 1. Introduction to FastDFS 1. I...
How to implement Linux automatic shutdown when the battery is low
Preface The electricity in my residence has been ...
Installation, configuration and use of process daemon supervisor in Linux
Supervisor is a very good daemon management tool....