Regarding the certificate required for https, you can apply on StartSSL. For the principle part, please move on to build the website as https. The server module of nginx configures the monitoring of port 443, and sends the certificate and private key information. Also listed completely, nginx’s server module configures port 80 to force a jump to https.
Public key private key ssh-keygen -t rsa -C "new email" certificate, public key plus CA certification
TLS1.2 is the highest version currently, and no bugs have been found. Don't choose SSL. TLS is a subsequent version of SSL and is more secure than SSL. OpenSSL supports TLS.
As long as you understand the principles of a series of technologies such as RSA encryption and decryption, symmetric encryption and decryption, and SHA digest signature, you can understand their applications. Among them, SHA1 has been cracked by Professor Wang Xiaoyun of Shandong University, and SHA2 is used instead.
For the certificate sent by the server, the browser needs to go to its CA Verify whether it is trustworthy
The certificate private key is mainly used to negotiate the symmetric encryption key
StartSSL is a free, globally certified certificate provider. For specific registration and usage, please refer to its official website. This blog post explains it in detail.
#redirect to httpsserver { listen 80; server_name blog.huachao.me; return 301 https://$server_name$request_uri; }
proxy & ssl
server { listen 443 ssl; server_name blog.huachao.me; ssl on; ssl_certificate /path/to/cert_file; ssl_certificate_key /path/to/private_key; location / { proxy_pass http://localhost:port; } }
The above is the detailed content of How to deploy https encryption authentication in Nginx. For more information, please follow other related articles on the PHP Chinese website!