Nginx uses SSL module configuration to support HTTPS access

Source: Internet
Author: User
Tags install openssl openssl x509 nginx server

The SSL module is not installed by default, and if you want to use the module, you will need to specify the –with-http_ssl_module parameter when you compile Nginx.

Demand:
Doing a website domain name for www.localhost.cn requires access through https://www.localhost.cn.

10.10.100.8 www.localhost.cn

Experimental steps:

1. First ensure that OpenSSL and Openssl-devel are installed on the machine

#yum Install Openssl#yum Install Openssl-devel

2. Create a server private key, and the command will let you enter a password:

OpenSSL genrsa-des3-out Server.key 1024
Generates a private key #因为以后要给nginx使用. Each time you reload Nginx configuration, you need to verify the PAM password. You can type and then delete the password because it must be entered at the time of generation.

3. Create a certificate (CSR) for the signing request:

4. Remove the required password when loading SSL-supported Nginx and using the above private key:

CP Server.key SERVER.KEY.ORGOPENSSL rsa-in server.key.org-out server.key//Remove password so that no password is required for reload inquiry

5. Configure Nginx
The last token certificate uses the above private key and the CSR:

OpenSSL x509-req-days 365-in server.csr-signkey server.key-out server.crt

6. Modify the Nginx configuration file to include the newly tagged certificate and private key:

#vim/usr/local/nginx/conf/nginx.conf http {        include server/*.cn;}

7. Modify the Nginx configuration file to include the newly tagged certificate and private key:

#vim/usr/local/nginx/server/www.localhost.cnserver {         listen       443;  The listening port is 443         server_name  www.localhost.cn;          SSL on                  ;  Turn on SSL         ssl_certificate      /etc/pki/tls/certs/server.crt;   Certificate location         ssl_certificate_key  /etc/pki/tls/certs/server.key;   Private key position         ssl_session_timeout  5m;         Ssl_protocols  SSLv2 SSLv3 TLSv1;  Specifies the format that the password is supported for OpenSSL         ssl_ciphers  high:!anull:! MD5; Password encryption mode         ssl_prefer_server_ciphers on   ;//server password that relies on SSLv3 and TLSV1 protocol will take precedence over client password location          /{             root   html;    The relative position of the root directory             index  index.html index.htm;         }     

8. Start the Nginx server.

#/usr/local/nginx/sbin/nginx-s Reload//If the environment allows the direct killing process at the start of Nginx

If "[Emerg] 10464#0:unknown directive" SSL "in/usr/local/nginx-0.6.32/conf/nginx.conf:74" is present, the SSL module is not compiled into Nginx, Add "--with-http_ssl_module" to the Configure.

such as: [[email protected] nginx-1.4.4]#./configure--prefix=/usr/local/nginx--user=www--group=www--with-http_stub_ Status_module--with-http_ssl_module

9. Test whether the website can be accessed via HTTPS

https://www.localhost.cn

In addition, you can also add the following code to enable 80 port redirection to 443

server {listen 80;server_name www.localhost.cn; #rewrite ^ (. *) https://$server _name$1 permanent;rewrite ^ (. *) $  https://$host $ permanent;}

The following configuration allows you to set up a virtual host to support both HTTP and HTTPS

Listen 80;listen 443 default SSL;

.

Reference Document: http://dreamfire.blog.51cto.com/418026/1141302/

 

Nginx uses SSL module configuration to support HTTPS access

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.