Nginx Configure SSL certificate, allow SSL access

Source: Internet
Author: User
Tags ssl certificate

Official reference documentation, including the SSL configuration for Apache, Nginx, and IIS:

http://www.wosign.com/Docdownload/


Instance one, configure HTTP to forward to HTTPS, a virtual host has two servers, some content use * * instead

NGX01 (10.66.**.**), Ngx02 (10.66.**.**)
1, add the Sslkey folder in/etc/nginx, import the SSL certificate to the folder, refer to the attachment
2. Modify the virtual host
Upstream am***

{server 172.22.**.*:80; keepalive 100;}

server {
Listen 80;
server_name www.***-dmp.cn;
rewrite "^/(. *) $" https://www.***-dmp.cn/$1  Break ; #这里配置http转发到https

Proxy_headers_hash_max_size 51200;
Proxy_headers_hash_bucket_size 6400;

Location/

{# access_log/var/log/nginx/access_www.log; proxy_http_version 1.1; Proxy_set_header Connection ""; Proxy_set_header Host $host; Proxy_set_header X-real-ip $http _x_forwarded_for; Proxy_set_header X-forwarded-server $host; Proxy_set_header x-forwarded-for $http _x_forwarded_for; Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for; Proxy_pass http://amnet/; }

location/web/

{alias/opt/wwwroot/web/; # access_log/var/log/nginx/access_web.log;}

}

server {
Listen 443; #监听443端口
server_name www.***-dmp.cn;

SSL on; #打开ssl
Ssl_certificate SSLKEY/1__.***-DMP.CN_BUNDLE.CRT; #指定ssl的证书和key
Ssl_certificate_key Sslkey/2__.***-dmp.cn.key;

Proxy_headers_hash_max_size 51200;
Proxy_headers_hash_bucket_size 6400;

Location/

{# access_log/var/log/nginx/access_www.log; proxy_http_version 1.1; Proxy_set_header Connection ""; Proxy_set_header Host $host; Proxy_set_header X-real-ip $http _x_forwarded_for; Proxy_set_header X-forwarded-server $host; Proxy_set_header x-forwarded-for $http _x_forwarded_for; Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for; Proxy_pass http://amnet/; }

location/web/

{alias/opt/wwwroot/web/; # access_log/var/log/nginx/access_web.log;}

}

Instance two, HTTP and HTTPS can be used, do not jump, need to configure two virtual host, such as the original ***.conf virtual host configuration file, add a ***-https.conf virtual host configuration file, the contents are as follows:

NGX03 (10.66.**.**), Ngx04 (10.66.**.**)
1, add/etc/nginx folder in Sslkey, import SSL certificate into this folder, refer to Attachment
2, the original virtual host configuration file ***.conf, add the virtual host ***-https.conf, the content is as follows:
Server {
Listen 443;              #监听443端口

server_name cm.***-dmp.cn cm.***akidmp.com;
#打开ssl                       

Ssl_certificate SSLKEY/1__.***-DMP.CN_BUNDLE.CRT; #指定ssl的证书和key

Ssl_certificate_key Sslkey/2__.***-dmp.cn.key;

Location/favicon.ico

{access_log off; error_log/dev/null Crit;}

Location/index.html

{alias/var/www/index.html;}

Location/1_1.gif

{alias/var/www/1_1.gif;}

Proxy_headers_hash_max_size 51200;
Proxy_headers_hash_bucket_size 6400;

Location/

{proxy_http_version 1.1; Proxy_set_header Connection ""; Proxy_set_header Host $host; Proxy_set_header X-real-ip $remote _addr; Proxy_set_header X-forwarded-server $host; Proxy_set_header x-forwarded-for $http _x_forwarded_for; Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for; Proxy_pass http://aaccm/; }

Location/crossdomain.xml

{alias/usr/local/track/crossdomain.xml;}
}


In fact, example two in another way, in a virtual host Configuration Two server, one using 80 port HTTP, the other using 443 port HTTPS, but 80 do not forward it, that is, no:rewrite "^/(. *) $" HTTPS ://www.***-dmp.cn/$1 break ;

I guess this should also be possible, because my time and conditions are limited, there is no actual test, we have time to try again.

This article comes from "Plum blossom fragrance from bitter cold!" "Blog, be sure to keep this provenance http://daixuan.blog.51cto.com/5426657/1774945

Nginx Configure SSL certificate, allow SSL access

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.