Download Certificate
Download the nginx version certificate in the certificate console. The compressed file package downloaded to the local area after decompression contains:
.pem file: certificate file
.key file: the private key file of the certificate (If you do not choose to automatically create csr when applying for a certificate, there will be no such file)
Configuring nginx
1. In nginx Create a cert directory in the installation directory, and copy all the downloaded files to the cert directory. If you create a csr file yourself when applying for a certificate, please place the corresponding private key file in the cert directory.
2. Open the nginx.conf file in the conf directory under the nginx installation directory
#user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; gzip on; #开启gzip gzip_min_length 1k; #低于1kb的资源不压缩 gzip_comp_level 3; #压缩级别【1-9】,越大压缩率越高,同时消耗cpu资源也越多,建议设置在4左右。 gzip_types text/plain application/javascript application/x-javascript text/javascript text/xml text/css; #需要压缩哪些响应类型的资源,多个空格隔开。不建议压缩图片,下面会讲为什么。 gzip_disable "msie [1-6]\."; #配置禁用gzip条件,支持正则。此处表示ie6及以下不启用gzip(因为ie低版本不支持) gzip_vary on; #是否添加“vary: accept-encoding”响应头 server { listen 80 default backlog=2048; #配置http可用 listen 443 ssl; #配置https server_name localhost; ssl_certificate ../cert/hzzly.pem; #配置证书文件 ssl_certificate_key ../cert/hzzly.key; #配置私钥文件 ssl_session_cache shared:ssl:1m; ssl_session_timeout 5m; ssl_ciphers high:!anull:!md5; ssl_prefer_server_ciphers on; location / { root /home/hzzly; index index.html index.htm; } # location ^~ /apis/ { # proxy_set_header host $host; # proxy_set_header x-real-ip $remote_addr; # proxy_set_header x-forwarded-server $host; # # 匹配任何以 /apis/ 开始的请求,并停止匹配 其它location # proxy_pass http://xxxxxxxxxx/; # } # location ^~ /assets/ { # gzip_static on; # expires max; # add_header cache-control public; # } } }
3. Restart nginx
$ cd /usr/local/nginx/sbin $ ./nginx -s reload
Error details
1. If nginx does not enable the ssl module, it will prompt an error when configuring https
nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in ...
nginx opens the ssl module
Switch to the source package:
$ cd /usr/local/src/nginx-1.16.0
Modify the new configure parameters
$ ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
After the configuration is completed , run the command
$ make //这里不要进行make install,否则就是覆盖安装
Back up the original installed nginx
$ cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
Overwrite the original nginx with the just compiled nginx
$ cp ./objs/nginx /usr/local/nginx/sbin/
Restart nginx
$ cd /usr/local/nginx/sbin $ ./nginx -s reload
The above is the detailed content of How to upgrade https under Nginx. For more information, please follow other related articles on the PHP Chinese website!