Nginx https encryption and nginx log configuration and management

Source: Internet
Author: User
Tags openssl rsa website performance rsyslog

Nginx https encryption and nginx log configuration and management

Advantages of using Nginx
As a WEB server, Nginx is highly efficient in processing static files, index files, and automatic indexes.
As a proxy server, Nginx can implement non-Cache reverse proxy to improve website performance.
As a Server Load balancer, Nginx supports both PHP and HTTP proxy servers for external services. It also supports Simple Error Tolerance and load using algorithms;
Www.2cto.com
In terms of performance: Nginx is designed for performance optimization. performance is the most important consideration, and efficiency is very important in implementation. It supports the kernel Poll model and can withstand the high load test. The report shows that it supports up to 50,000 concurrent connections.

Nginx has high stability. When other HTTP servers encounter access peaks, or someone maliciously initiates
During slow connection, it is also likely that the physical memory of the server is exhausted and frequently exchanged. If the response is lost, the server can only be restarted. For example, once Apache has over 200 processes, the web response speed is obviously very slow. Nginx
The phased Resource Allocation technology is used to reduce the CPU and memory usage. Nginx officially said that it maintains 10,000 idle connections, which only occupies MB of memory. Therefore, DOS attacks are useless to Nginx;
Nginx High Availability: Nginx supports hot deployment, which is easy to start and can run almost without interruption, even if it runs for several months, it does not need to be restarted. You can also upgrade the software version without interrupting the service.
Www.2cto.com
1. Install the nginx configuration file
1. Before installation, make sure that the dependency packages related to the development environment are installed; rpm-qa | grep gcc-c ++ rpm-qa | grep openssl rpm-qa | grep pcre 2. Install the nginx server; 41 tar zxvf nginx-0.8.29.tar.gz 42 ls 43 useradd nginx-s/sbin/nologin 44 cd nginx-0.8.29 45 mkdir/usr/local/nginx 47. /configure -- prefix =/usr/local/nginx -- user = nginx -- group = nginx -- with-http_stub_status_module -- with-http_ssl_module 48 make & make install 3. Create a virtual directory and modify the configuration file
[Root @ CentOS6 sbin] #./nginx [root @ CentOS6 sbin] # pwd/usr/local/nginx/sbin 4. Then, test whether the node can be opened;

2. Test https;
As we all know, we use the http protocol for Internet access, which is transmitted in plaintext by default. Of course, data may be intercepted during plaintext transmission. https is simply a secure version of http, designed to ensure that files transmitted by users are not stolen. Next we will configure the nginx-based https protocol.
First, use the openssl installation package. We have checked the installation of nginx. Note that if we configure the https protocol, nginx needs to enable ssl. We have enabled nginx during nginx configuration. Next we can configure it.
1. First, we need to generate a certificate. Then we need to enter the certificate directory, create a certificate, and set the password.

2. generate the private key [root @ CentOS6 certs] # openssl rsa-in rsyslog. key-out rsyslog. key Enter pass phrase for rsyslog. key: Enter your password Enter pass phrase for rsyslog. key: enter your mom's writing RSA key again. create a certificate rsyslog. csr. when creating the csr, you must note that you need to write the name of the computer. You can use the hostname to view the csr.

4. the Certificate Authority is used to issue public keys. Because a certificate is generated locally and is not issued by an Internet CA Certificate Authority, a browser warning is displayed during access, we can add it to the certificate trust organization.

5. Then we modify the configuration file. Note that we can copy the default ssl module to the created virtual directory. Do not open it by default, and then modify the path. Is the complete configuration. Remember to restart the service.

6. Test whether https is normal.


3. nginx Log System Management;
1. as a qualified O & M service, we should first be familiar with the servers we maintain. Therefore, log management and reading are essential. We can check whether the system is normal through logs, are there any malicious attacks or malicious scans on highly concurrent servers. The log traffic is large. Therefore, we need to regularly truncate logs, and then we use virtual directories to test the token;

2. Then we use cronolog to manage logs. First, we install cronolog.

3. Configure cronolog

4. Test. First, refresh the webpage on the client, and then check whether any generated log file exists in the virtual directory of the server.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.