Nginx configuration SSL and WSS steps introduction

Preface

Recently, due to the release of WeChat mini-programs, the release of mini-programs must use the registered server domain name and https request method. A server has been registered before. This time the background service of the mini-program is deployed on another server. I don’t want to redeploy the background service, so I thought of installing Nginx on the registered server and configuring SSL, and reverse proxying to another server through Nginx.

1. Nginx installation

The author uses Tencent Cloud Server Centos 7.5. There are many installation tutorials on the Internet. The author also makes a record based on the online tutorials. The main installation process requires configuration and adding of the Nginx SSL module. If the installation is successful, you can skip this step.

1. Download Nginx

Download address: Index of /download/

After the download is complete, transfer it to the server or download it through the wget command:

wget http://nginx.org/download/nginx-1.9.0.tar.gz

2. Install dependencies

1) Install the gcc-c++ compiler

yum install gcc-c++
yum install -y openssl openssl-devel

2) Install the pcre package

yum install -y pcre pcre-devel

3) Install zlib package

yum install -y zlib zlib-devel

3. Compile and install Nginx

1) Unzip the installation package

tar -zvxf nginx-1.9.0.tar.gz

2) Switch to the nginx directory, configure nginx, and add the ssl module

cd nginx-1.9.0
./configure --with-http_ssl_module

./configure --with-http_ssl_module must be configured. When I installed it for the first time, I used the default configuration directly, which resulted in an error when configuring the SSL certificate.

3) Compile and install

make Install

4) Find the installation path

whereis nginx

5) Switch to the installation directory, enter the sbin directory, and start nginx

cd /usr/local/nginx/sbin./nginx

6) Check whether nginx is started successfully

2. SSL Configuration

1) Obtain the certificate

The author uses Tencent Cloud here, where you can apply for a free certificate and download the nginx version

2) Upload all downloaded certificate files to the server and place them in the conf directory of nginx (at the same level as the configuration file).

3) Enter the nginx.conf file and configure ssl information

 
#user nobody;
worker_processes 1;
 
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
 
#pid logs/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    server {
        listen 443;
        #Domain name server_name xxxxx bound to the certificate;
	    # Certificate file name. Both .pem and .crt certificate files can be used here. ssl_certificate xxxx.pem;
        # Due to version issues, some version configuration files need to add ssl on
	    ssl on;
	    #Private key file name ssl_certificate_key xxx.key;
        ssl_session_timeout 5m;
	    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
	    ssl_prefer_server_ciphers on;
        location / {
            root html;
            index index.html index.htm;
        }
 
        #error_page 404 /404.html;
 
        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
 
	location /ctp/{
        # Fill in the server address and port to be forwarded proxy_pass http://ip:port;
	}
      
    }
}

For detailed certificate configuration tutorials, please refer to Tencent Cloud: SSL Certificate Nginx Server SSL Certificate Installation and Deployment - Certificate Installation - Document Center - Tencent Cloud

3.WSS Configuration

Configuring nginx as a websocket proxy is much simpler than you might think. You can use the HTTP Upgrade protocol header to upgrade the connection from an HTTP connection to a WebSocket connection. The specific configuration is as follows:

location /ctp/{
            # Fill in the server address and port to be forwarded proxy_pass http://ip:port;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'Upgrade';
        }

This is the end of this article about the steps to configure SSL and WSS in Nginx. For more relevant content about configuring SSL and WSS in Nginx, please search for previous articles on 123WORDPRESS.COM or continue to browse the related articles below. I hope you will support 123WORDPRESS.COM in the future!