The SSL module is not built by default. To use it, you need to specify the --with-http_ssl_module parameter at compile time. Building the module requires the OpenSSL library and its development files, which are usually not in the same package. The development package usually has a name similar to libssl-dev.
Generate certificate
You can generate a simple certificate by using the following steps:
First, go to the directory where you want to create the certificate and private key, for example:
$ cd /usr/local/nginx/conf
Create a server private key; the command will prompt you for a passphrase:
$ openssl genrsa -des3 -out server.key 1024
Create a certificate signing request (CSR):
$ openssl req -new -key server.key -out server.csr
Remove the passphrase from the private key so that Nginx with SSL support can load it without prompting:
$ cp server.key server.key.org
$ openssl rsa -in server.key.org -out server.key
Finally, sign the certificate using the above private key and the CSR:
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Configure Nginx
Modify the Nginx configuration file to include the newly signed certificate and private key:
server {
    server_name your_domainname_here;
    listen 443;
    ssl on;
    ssl_certificate /usr/local/nginx/conf/server.crt;
    ssl_certificate_key /usr/local/nginx/conf/server.key;
}
Restart Nginx.
The site can then be accessed at:
https://YOUR_DOMAINNAME_HERE
In addition, the following configuration can be added to redirect port 80 to port 443:
server {
    listen 80;
    server_name ww.centos.bz;
    rewrite ^(.*) https://$server_name$1 permanent;
}
After configuring the SSL certificate for Nginx, HTTPS access works normally, but HTTP access returns a 400 error. The Nginx configuration is as follows:
server {
    listen 80 default backlog=2048;
    listen 443;
    server_name jp.com;
    root /var/www/html;
    ssl on;
    ssl_certificate /usr/local/tengine/sslcrt/wosign.com.crt;
    ssl_certificate_key /usr/local/tengine/sslcrt/wosign.com.key;
}
When HTTP is accessed, the error is as follows:
Request
The plain HTTP Requset is sent to HTTPS port. Sorry for the inconvenience.
Please have the message and include the following information to us.
Thank you very much!
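This problem occurs because the HTTP request is sent to an HTTPS port: ssl on; enables SSL for every listen port in the server block, including the one meant for plain HTTP. The corrected configuration is: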
server {
    listen 80 default backlog=2048;
    listen 443 ssl;
    server_name jp.com;
    root /var/www/html;
    ssl_certificate /usr/local/tengine/sslcrt/wosign.com.crt;
    ssl_certificate_key /usr/local/tengine/sslcrt/wosign.com.key;
}
The line ssl on; is removed and the ssl parameter is written after port 443 on the listen line. This way both HTTP and HTTPS connections can be used, the perfect solution.
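The check below is an added example, not part of the original article: it scans Nginx configuration text for the mistake described above, a server block where ssl on; sits next to a listen port that was meant for plain HTTP. The sample configurations are constructed from the two shown above, with port 80 written explicitly on the first listen line (an assumption); the function names are hypothetical.

```python
import re

def server_blocks(conf):
    """Yield the text inside each server { ... } block, matching nested braces."""
    conf = re.sub(r"#[^\n]*", "", conf)              # drop comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def listen_port(arg):
    """Port of a listen address; nginx uses 80 when only an address is given."""
    if arg.startswith("unix:"):
        return None
    tail = arg.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else 80

def http_ports_forced_to_tls(conf):
    """Ports that a server-level 'ssl on;' turns into TLS-only ports.
    Simplification: directives are split on ; { } and quoted strings are ignored."""
    hits = []
    for body in server_blocks(conf):
        directives = [d.split() for d in re.split(r"[;{}]", body) if d.strip()]
        if ["ssl", "on"] not in directives:
            continue
        for d in directives:
            if d[0] == "listen" and len(d) > 1 and "ssl" not in d[2:]:
                port = listen_port(d[1])
                if port not in (None, 443):
                    hits.append(port)
    return hits

# Constructed sample: the failing configuration and its corrected form.
BEFORE = """
server {
    listen 80 default backlog=2048;
    listen 443;
    server_name jp.com;
    root /var/www/html;
    ssl on;
    ssl_certificate /usr/local/tengine/sslcrt/wosign.com.crt;
    ssl_certificate_key /usr/local/tengine/sslcrt/wosign.com.key;
}
"""
AFTER = BEFORE.replace("listen 443;", "listen 443 ssl;").replace("    ssl on;\n", "")

if __name__ == "__main__":
    print(http_ports_forced_to_tls(BEFORE), http_ports_forced_to_tls(AFTER))
```

A non-empty result lists the ports on which plain HTTP requests will be answered with the 400 error.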
Problem: when the game is logged into as a visitor, verification does not pass. It was only resolved by commenting out the following HTTPS part, but the core problem has not been resolved. Because testing is in progress, the following way of letting HTTP and HTTPS coexist is also needed; it is only an idea and has not been implemented. If access is by domain name, a domain name also needs to be registered and bound to the IP; in addition, for the Apple review before going online, it must be decided whether to buy SSL certification. Domain purchases must be negotiated before they can be decided.
Remark: readers whose English is good can translate the above content themselves; because it is close to the end of the work day, this is only for personal records, the second overtime ....
This article is from the "lake and Laughter" blog, please make sure to keep this source http://hashlinux.blog.51cto.com/9647696/1875197
Because the Google audit has to be tested under HTTPS.