Steps to configure nginx ssl to implement https access (suitable for novices)

Preface

After deploying the server, I visited my website with great joy and was satisfied with everything I saw. But once the excitement wore off, I realized, hey, why is there a message in the upper left corner of the browser saying it’s not secure? After thinking about it, I decided, no, I also want to set up https and lock it!

The HTTP protocol sends content in plain text and does not provide any form of data encryption. To ensure the security of data transmission, HTTPS adds the SSL protocol based on HTTP. SSL relies on certificates to verify the identity of the server and encrypts the communication between the browser and the server.

Apply for a certificate

Here, I directly apply for Tencent Cloud's free certificate. It should be noted here that the free certificate issued by the Asian Integrity Agency can only be used for one domain name, and sub-domains need to be applied for separately. You know what, the application process in Tencent is quite fast. It was approved in just over ten minutes. The downloaded file is a zip file. After unzipping it, open the Nginx folder inside and copy the 1_XXX.com_bundle.crt and 2_XXX.com.key files.

Open the nginx configuration file

If you don’t know the location of the nginx file, you can use the whereis nginx command to find it.

My configuration file is in /ect/nginx. Now copy the two certificate files and configure them directly. The configuration file of nginx is nginx.conf. The configuration contents are as follows. For easy understanding, I have added comments.

# The default user is nginx, so you don’t need to set user nginx;
#Nginx process, usually set to the same number of CPU cores worker_processes 1;

#Error log storage directory error_log /var/log/nginx/error.log warn;
#Process pid storage location pid /var/run/nginx.pid;

events {
 worker_connections 1024; # Maximum number of concurrent connections for a single background process}

http {
 include /etc/nginx/mime.types; #File extension and type mapping table default_type application/octet-stream; #Default file type #Set log mode log_format main '$remote_addr - $remote_user [$time_local] "$request" '
   '$status $body_bytes_sent "$http_referer" '
   '"$http_user_agent" "$http_x_forwarded_for"';

 access_log /var/log/nginx/access.log main; #nginx access log storage location sendfile on; #Enable efficient transmission mode #tcp_nopush on; #Reduce the number of network segments keepalive_timeout 65; #The time to maintain the connection, also called the timeout time #gzip on; #Enable gzip compression include /etc/nginx/conf.d/*.conf; #Included sub-configuration item location and file}

Just take a quick look at it, this is the global configuration. For better management, we still configure the sub-projects in the /etc/nginx/conf.d folder declared in the last line.

Open the default.conf file.

#Set virtual host configuration server {
 #Listen to port 443, this is the SSL access port listen 443;
 #Define the domain name server_name XXX.com to be used for access;
 #Define the server's default website root directory location root /web/www/website/dist; 

 #Set the access log of this virtual host access_log logs/nginx.access.log main;

 # These are the configurations recommended by Tencent Cloud. You can use them directly. Just modify the certificate path. Note that these paths are relative to the /etc/nginx/nginx.conf file location ssl on;
 ssl_certificate 1_XXX.com_bundle.crt;
 ssl_certificate_key 2_XXX.com.key;
 ssl_session_timeout 5m;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #Configure according to this protocol ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; #Configure according to this suite ssl_prefer_server_ciphers on;

 #Default request location / { 
 root /web/www/website/dist; 
 #Define the name of the homepage index file index index.html;
 }

 #Static files, nginx handles it itself location ~ ^/(images|javascript|js|css|flash|media|static)/ {
 #Expiration date is 30 days. Static files are rarely updated. You can set a larger expiration date.
 #If you update frequently, you can set it smaller.
 expires 30d;
 }

 #Prohibit access to .htxxx files# location ~ /.ht {
 # deny all;
 #}

}
server
{
 # Port 80 is the normal access interface of http listen 80;
 server_name XXX.com;
 # Here, I have done full encryption on https, and automatically jump to https when accessing http
 rewrite ^(.*) https://$host$1 permanent;
}

Well, that’s basically all the configuration. It’s pretty simple. Welfare for newbies.

Then we write the configuration file and test it with nginx

nginx -t

That’s it. After this, you can restart nginx to take effect.

It should be noted here that after importing the new certificate, you need to restart instead of reload. nginx -s reload is a normal configuration modification reload.

# Stop nginx
nginx -s stop
# Start nginx

After restarting, I visited my website again. Wow, it was perfect. There was a lock in the upper left corner, indicating a secure connection. Oh, done, happy.

Nginx daily operation commands

• nginx -t test configuration file
• nginx -s reload to make the configuration effective after modification
• nginx -s reopen to reopen the log file
• nginx -s stop Quick stop
• nginx -s quit

View nginx process

ps -ef | grep nginx

Summarize

The above is the full content of this article. I hope that the content of this article will have certain reference learning value for your study or work. If you have any questions, you can leave a message to communicate. Thank you for your support for 123WORDPRESS.COM.