Implementation of Nginx configuration Https security authentication

1. The difference between Http and Https

HTTP: It is the most widely used network protocol on the Internet. It is a standard for client and server requests and responses (TCP). It is a transmission protocol used to transmit hypertext from WWW servers to local browsers. It can make browsers more efficient and reduce network transmission.

HTTPS: It is an HTTP channel with security as its goal. Simply put, it is a secure version of HTTP, that is, an SSL layer is added under HTTP. The security basis of HTTPS is SSL, so SSL is required for encrypted details. The main functions of the HTTPS protocol can be divided into two types: one is to establish an information security channel to ensure the security of data transmission; the other is to confirm the authenticity of the website.

The main differences between HTTPS and HTTP are as follows:

1. The https protocol requires applying for a certificate from a CA. Generally, there are fewer free certificates, so a certain fee is required.
2. HTTP is the hypertext transfer protocol, and information is transmitted in plain text, while HTTPS is the secure SSL encrypted transmission protocol.
3. http and https use completely different connection methods and different ports. The former is 80 and the latter is 443.
4. The http connection is very simple and stateless. The HTTPS protocol is a network protocol built by SSL+HTTP protocol that can perform encrypted transmission and identity authentication. It is more secure than the http protocol.

1) HTTP access: Unauthenticated access on some browsers will prompt that it is unsafe and poses a security risk

2) https access: after authentication

Nginx Configuration Https

1. Install SSL module of nginx

1. Before configuring the SSL certificate, make sure that your nginx has the SSL module installed. Generally, the nginx installed by yourself does not have the SSL module.

Check whether your nginx has the ssl module installed

cd nginx installation directory sbin input

./nginx -V 

If the information in the red box appears, it proves that it has been installed.

2. If the ssl module is not installed

Enter the directory where you unzipped nginx (not the directory where nginx is installed) and enter

./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module

Next execute

make #Remember not to execute make install, otherwise nginx will be reinstalled

3. Enter the objs folder, there is an nginx file in the folder, replace the nginx under sbin

#If nginx is turned on, enter sbin first and stop the nginx service./nginx -s stop #Stop nginx service# cp compressed nginx path (your own) installed nginx path (your own) 
cp /root/nginx/objs/nginx /usr/local/ngin/sbin

4. After success, enter the nginx installation directory to check whether ssl is installed successfully

./nginx -V
#Insufficient permissions to execute Give nginx permissions chmod 111 nginx

2. Configure SSL Certificate

Alibaba Cloud can apply for free SSL certificates, which can be found on Baidu (certificates are usually pem and key files)

1. Upload the certificate to a folder (custom)

mkdir -p /nginx/card-key-pem 

2. Configure ssl and enter the conf file in the nginx installation directory

cd /usr/local/nginx/conf
vim nginx.conf

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    
server {
        listen 443; #Listen to port 443 server_name www.qingfenginn.top; #Your domain name ssl on; #Turn on ssl
        ssl_certificate /root/nginx/card-key-pem/5386933_www.qingfenginn.top.pem; #The pem file path of the ssl certificate you uploaded ssl_certificate_key /root/nginx/card-key-pem/5386933_www.qingfenginn.top.key; #The key file path of the ssl certificate you uploaded location / { #Access path#Reverse proxy to your project http://Public network address: port proxy_pass http://www.qingfenginn.top:81; 
        }
 }


server {
        listen 80; #Listen to port 80 server_name www.qingfenginn.top;
		#Convert the request to https
        rewrite ^(.*)$ https://$host$1 permanent; 
    }
}

Note: After configuration, nginx will listen to both port 443 and port 80. Port 443 needs to be added to the security group development port.

3. Restart nginx to make the configuration take effect

Enter the sbin directory

First check whether the configuration file is correct

./nginx -t 

Start nginx

./nginx -s reload //Restart./nginx -s stop //Stop./nginx //Start

You can then access it using your domain name

This is the end of this article about the implementation of Nginx configuration Https security authentication. For more relevant Nginx configuration Https authentication content, please search 123WORDPRESS.COM's previous articles or continue to browse the following related articles. I hope everyone will support 123WORDPRESS.COM in the future!