How to implement Nginx HTTPS configuration

How to implement Nginx HTTPS configuration requires specific code examples

Preface

With the development of the Internet and the improvement of security awareness, more and more Many websites have begun to enable the HTTPS protocol to protect user privacy and security. As a high-performance open source web server, Nginx can not only configure HTTP, but also HTTPS. This article will introduce how to implement Nginx HTTPS configuration, and attach specific code examples for your reference and use.

1. Generate certificate and private key

To enable the HTTPS protocol, you first need to generate an SSL certificate and private key. The SSL certificate is used to verify the server's identity, and the private key is used to encrypt and decrypt transmitted data. You can use certificates signed by various certificate authorities (CAs), or you can use self-signed certificates.

The method to generate a self-signed certificate is as follows:

1. Open the terminal and enter the following command in the command line:

openssl req -x509 -newkey rsa:2048 -nodes -sha256 -keyout private.key -out certificate.crt -subj "/CN=www.example.com"

Among them, private .key is the name of the private key file, certificate.crt is the name of the certificate file, www.example.com is the domain name of the server, which can be modified according to the actual situation.

2. After entering the above command, you will be asked to enter some certificate-related information, including country, state, city, organization, etc. Just follow the prompts and enter.
3. After the input is completed, the private key file private.key and the certificate file certificate.crt will be generated in the current directory.

2. Edit the Nginx configuration file

After generating the certificate and private key, you need to edit the Nginx configuration file and enable the HTTPS protocol. The following is a simple Nginx configuration example:

server {
    listen 443 ssl;
    server_name www.example.com;

    ssl_certificate /path/to/certificate.crt;  # 证书文件路径
    ssl_certificate_key /path/to/private.key;   # 私钥文件路径

    location / {
        # 其他配置...
    }
}

Among them, listen 443 ssl; means using HTTPS protocol and listening on port 443; server_name www.example.com; Specify the domain name of the server; ssl_certificate and ssl_certificate_key specify the file paths of the certificate and private key respectively.

3. Restart the Nginx service

After editing the configuration file, you need to restart the Nginx service to make the configuration take effect. Enter the following command in the terminal:

sudo service nginx restart

After entering the password, the Nginx service will restart.

4. Configure HTTP to jump to HTTPS

If you want to jump all HTTP requests to HTTPS, you can add the following code to the configuration file:

server {
    listen 80;
    server_name www.example.com;

    return 301 https://$server_name$request_uri;
}

Among them, listen 80; means listening to port 80 (that is, HTTP protocol); return 301 https://$server_name$request_uri; means jumping all requests to the corresponding HTTPS address.

5. Configure forced HTTPS access

If you want to force all requests to be accessed through the HTTPS protocol, you can add the following code to the Nginx configuration file:

server {
    listen 80;
    server_name www.example.com;

    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name www.example.com;

    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/private.key;

    # 其他配置...
}

in the configuration The first server block and the second server block listen to port 80 and port 443 respectively and handle HTTP and HTTPS requests respectively. return 301 https://$server_name$request_uri; in the configuration forces the HTTP request to jump to the corresponding HTTPS address.

Conclusion

Through the above steps, we can implement the HTTPS configuration of Nginx, and we can choose whether to perform HTTP jump to HTTPS or force HTTPS access as needed. Of course, actual applications also involve other detailed configurations, such as setting the SSL protocol version, cipher suite, HSTS, etc. I hope this article can provide you with some reference to make your website more secure and reliable.

The above is the detailed content of How to implement Nginx HTTPS configuration. For more information, please follow other related articles on the PHP Chinese website!