Nginx Configuration HTTPS certificate authentication

Nginx Configuration HTTPS certificate authentication

First, what is the SSL certificate

SL Certificate All the way: the SSL secure channel (Secure Socket Layer (SSL). This security protocol is mainly used to provide authentication to the user and server, encrypt and hide the transmitted data, ensure that the data is not changed in the transmission, that is, the integrity of the data, has become the standard of globalization in this field.

An SSL certificate is a digital certificate, similar to an electronic copy of a driver's license, passport, and business license. This is also known as an SSL server certificate because it is configured on the server.

The SSL certificate is the SSL protocol, which is issued by a trusted Digital certification authority CA (such as VeriSign) after authenticating the server, with server authentication and data transfer encryption.

TLS version number and related instructions

Secure Transport Layer Protocol (TLS) is used to provide confidentiality and data integrity between two communication applications. The protocol consists of two tiers: the TLS recording Protocol (TLS record) and the TLS Handshake Protocol (TLS handshake).

Second, configure the server

1. Get the certificate

Obtained through the certification authority, that is, to find the certificate of sale.

2. Install the server certificate

To upload the certificate file to the Conf directory of the Nginx installation directory, my installation directory is

/usr/local/nginx/conf/

In order to facilitate the management of certificates I created a certificate in the Conf directory of the Unified Management directory Https_ssl directory, I will all certificates

Stored under the conf/https_ssl/.

The certificate can be renamed for the sake of the recognition of the certificate.

MV Server.key Aaaaaa.key

MV Server.pem AAAAAA.PEM

Nginx Virtual Host Configuration

server {

Listen 443; #修改端口号为443, if you have a firewall, remember to turn on the firewall

server_name aaaaaaa; #域名我隐藏了, don't mind aaaaaa

root/data/www/www.test.com;

Index index.phpindex.html index.htm;

Access_log/data/wwwlogs/rewrite.log access;

SSL on; #SSL功能开启, using SSL communication protocol

Ssl_certificate Https_ssl/server.pem; #证书文件

Ssl_certificate_key Https_ssl/server.key; #私钥文件

Ssl_session_timeout 5m; The client can reuse the expiration time of the SSL parameter in the session cache, the intranet system default 5 minutes is too short, can be set to 30m 30 minutes or even 4h

Ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #支持的SSL协议标准

ssl_ciphersaesgcm:all:! Dh:! export:! rc4:+high:! medium:! Low:!anull:!enull; Select Encryption Suite

Ssl_prefer_server_ciphers on; #设置协商加密算法时, priority is given to our service-side encryption suite instead of the encryption suite of the client browser

Location ~ \.php$ {

fastcgi_pass127.0.0.1:9000;

Fastcgi_index index.php;

Fastcgi_paramscript_filename/scripts$fastcgi_script_name;

Include fastcgi.conf;

}

}

Test access, HTTPS:AAAAA can see a green lock, stating that it has been configured successfully, depending on how the browser views the certificate

It's different, I'm using Firefox.

HTTPS is much more expensive to access than HTTP in real-world usage

Nginx Configuration HTTPS certificate authentication