How to deploy SSL certificate in Nginx

Brief introduction

Nginx is the latest high-performance web server. Compared with the traditional Apache server, especially under a large number of concurrent client connections, the performance is improved by more than 10 times. Many large PHP websites use Nginx servers. Although Nginx uses the network I/O model of the Linux 2.6 kernel and epull architecture, it is still relatively similar to Apache in use and is a very good alternative to Apache.

SSL Certificate Introduction

SSL certificate is a type of digital certificate, similar to electronic copies of driver's licenses, passports and business licenses. Because it is configured on the server, it is also called an SSL server certificate. The SSL certificate complies with the SSL protocol and is issued by a trusted digital certificate authority CA after verifying the server's identity. It has server identity verification and data transmission encryption functions.

SSL Authentication Principle

1. Handshake protocol

The handshake protocol is the first sub-protocol used when the client and server communicate via SSL connection. The handshake protocol includes the client A series of messages to and from the server. The most complex protocol in SSL is the handshake protocol. This protocol allows the server and client to authenticate each other, negotiate encryption and MAC algorithms, and secret keys to protect data sent in SSL records. The handshake protocol is used before data transfer by the application.

2. Recording protocol

The recording protocol is used after the client and server handshake successfully, that is, after the client and server authenticate each other and determine the algorithm used for security information exchange, they enter the SSL recording protocol. The record protocol provides two services to SSL connections:

(1) Confidentiality: implemented using a secret key defined by the handshake protocol

(2) Integrity: The handshake protocol defines the MAC, with To ensure message integrity

3. Alert protocol

When the client and server find an error, they send an alert message to each other. If it is a fatal error, the algorithm immediately closes the SSL connection, and both parties will also delete the relevant session numbers, secrets and keys first. Each alarm message has a total of 2 bytes. The first byte indicates the error type. If it is an alarm, the value is 1. If it is a fatal error, the value is 2. The second byte specifies the actual error type.

SSL Certificate Deployment Preparations

1. Download the certificate

After downloading and decompressing the certificate, you will see files with the suffix .key and .pem. Upload these two files to On the nginx server, create the cert folder under the conf file and copy the certificate under this file.

2. Deploy the certificate

./nginx -t View the nginx installation path, find the nginx.conf configuration file and edit it

on the server Add below

server_name your domain name address;

listen 443 ssl;
ssl_certificate conf/cert/.pem;
ssl_certificate_key conf/cert/.key;

3. Configure http to automatically jump to https

Add a server and add the following configuration

listen 80;
server_name your domain name;
rewrite ^(.*)$ https://$host$1;

4. Load nginx configuration

./nginx -s reload

Finally open the web page for verification

The above is the detailed content of How to deploy SSL certificate in Nginx. For more information, please follow other related articles on the PHP Chinese website!