Home > Operation and Maintenance > Nginx > How to upgrade https under Nginx

How to upgrade https under Nginx

WBOY
Release: 2023-05-14 16:49:12
forward
1003 people have browsed it

Download Certificate

Download the nginx version certificate in the certificate console. The compressed file package downloaded to the local area after decompression contains:

  • .pem file: certificate file

  • .key file: the private key file of the certificate (If you do not choose to automatically create csr when applying for a certificate, there will be no such file)

Configuring nginx

1. In nginx Create a cert directory in the installation directory, and copy all the downloaded files to the cert directory. If you create a csr file yourself when applying for a certificate, please place the corresponding private key file in the cert directory.

2. Open the nginx.conf file in the conf directory under the nginx installation directory

#user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid    logs/nginx.pid;

events {
  worker_connections 1024;
}

http {
  include    mime.types;
  default_type application/octet-stream;

  #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
  #         '$status $body_bytes_sent "$http_referer" '
  #         '"$http_user_agent" "$http_x_forwarded_for"';

  #access_log logs/access.log main;

  sendfile    on;
  #tcp_nopush   on;

  #keepalive_timeout 0;
  keepalive_timeout 65;

  gzip on;  #开启gzip
  gzip_min_length 1k; #低于1kb的资源不压缩
  gzip_comp_level 3; #压缩级别【1-9】,越大压缩率越高,同时消耗cpu资源也越多,建议设置在4左右。
  gzip_types text/plain application/javascript application/x-javascript text/javascript text/xml text/css; #需要压缩哪些响应类型的资源,多个空格隔开。不建议压缩图片,下面会讲为什么。
  gzip_disable "msie [1-6]\."; #配置禁用gzip条件,支持正则。此处表示ie6及以下不启用gzip(因为ie低版本不支持)
  gzip_vary on; #是否添加“vary: accept-encoding”响应头

  server {
    listen    80 default backlog=2048; #配置http可用
    listen    443 ssl; #配置https
    server_name localhost;

    ssl_certificate   ../cert/hzzly.pem; #配置证书文件
    ssl_certificate_key ../cert/hzzly.key; #配置私钥文件

    ssl_session_cache  shared:ssl:1m;
    ssl_session_timeout 5m;

    ssl_ciphers high:!anull:!md5;
    ssl_prefer_server_ciphers on;

    location / {
      root  /home/hzzly;
      index index.html index.htm;
    }

    # location ^~ /apis/ {
    #   proxy_set_header host $host;
    #   proxy_set_header x-real-ip $remote_addr;
    #   proxy_set_header x-forwarded-server $host;
    #   # 匹配任何以 /apis/ 开始的请求,并停止匹配 其它location
    #   proxy_pass http://xxxxxxxxxx/;
    # }

    # location ^~ /assets/ {
    #   gzip_static on;
    #   expires max;
    #   add_header cache-control public;
    # }
  }
}
Copy after login

3. Restart nginx

$ cd /usr/local/nginx/sbin
$ ./nginx -s reload
Copy after login
Copy after login

Error details

1. If nginx does not enable the ssl module, it will prompt an error when configuring https

nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in ...

nginx opens the ssl module

Switch to the source package:

$ cd /usr/local/src/nginx-1.16.0
Copy after login

Modify the new configure parameters

$ ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
Copy after login

After the configuration is completed , run the command

$ make //这里不要进行make install,否则就是覆盖安装
Copy after login

Back up the original installed nginx

$ cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
Copy after login

Overwrite the original nginx with the just compiled nginx

$ cp ./objs/nginx /usr/local/nginx/sbin/
Copy after login

Restart nginx

$ cd /usr/local/nginx/sbin
$ ./nginx -s reload
Copy after login
Copy after login

The above is the detailed content of How to upgrade https under Nginx. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:yisu.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template