Home > Web Front-end > JS Tutorial > body text

Steps to deploy https using nginx and node on Alibaba Cloud

小云云
Release: 2017-12-20 09:18:02
Original
2201 people have browsed it

This article mainly introduces you to the steps of deploying https in Alibaba Cloud using nginx + node. The article introduces it in great detail through pictures, texts and sample codes. It has certain reference learning value for everyone's study or work. I hope it can help. to everyone.

The main differences between HTTPS and HTTP are as follows:

1. The https protocol requires applying for a certificate from ca. Generally, there are fewer free certificates, so a certain fee is required.

2. http is a hypertext transfer protocol, and information is transmitted in plain text, while https is a secure SSL encrypted transmission protocol.

3. http and https use completely different connection methods and use different ports. The former is 80 and the latter is 443.

4. The http connection is very simple and stateless; the HTTPS protocol is a network protocol built from the SSL+HTTP protocol that can perform encrypted transmission and identity authentication, and is more secure than the http protocol.

Application

I waited for 2 days to get the free https certificate. It always shows that it is sold out on Ali. Is it because of the recent popularity of https? Demand exceeds supply.

deploy

Uploaded fileauth.txt to the specified directory. After a few minutes, the review was passed. During this period, no review calls came in. The operation and deployment instructions provided by Alibaba are very detailed. You can just copy it, but be careful to put the cert folder under conf instead of the nginx root directory as mentioned in the instructions. When you operate it locally according to Ali, you will see this error, fopen:No such file or directory:fopen('/usr/local/nginx/conf/cert/214389510580391.pem','r') error: 2006D080:BIO routines:BIO_new_file:no such file), which means that there is a problem with the cert directory.

node reverse proxy


location / {
   proxy_pass http://127.0.0.1:4001;
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
Copy after login

node still runs as usual, it doesn’t care about https or http, it is done by nginx. The first proxy_pass is a reverse proxy, and the next three proxy_set_headers take over the request completely from mall.it577.net. Although it can be requested by the front end without adding it, req.originUrl will still be resolved to http://127.0.0.1 :4001, this affects the decoupling of WeChat payment callback notify_url, so these 3 lines are added.

Result

You can see from the address bar that https is supported.

pits

The above process is very simple and can basically be configured. Let me talk about the pitfalls I encountered. Because my Alibaba pre-installed nginx does not include the https module, I have to manually download the installation package and recompile it. Finally, copy the newly compiled nginx execution file, replace it and restart the service.

Error reporting, prompting that the ssl module cannot be found


##

nginx: [emerg] unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf:123
Copy after login

Download the corresponding version of the ngix compression package


wget http://nginx.org/download/nginx-1.12.1.tar.gz
Copy after login

Unzip


tar zxvf nginx-1.12.1.tar.gz
Copy after login

Compile with parameters to get the ssl module


./configure --with-http_ssl_module

make
Copy after login

Stop nginx


/usr/local/nginx/sbin/nginx -s stop
Copy after login

Of course you can kill the process. I found 3 ways to kill it online.

Replace the old nginx


cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
cp ./objs/nginx /usr/local/nginx/sbin/
Copy after login

Restart nginx and reload the conf configuration file


/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
/usr/local/nginx/sbin/nginx -s reload
Copy after login
Related recommendations:


Detailed explanation of HTTPS

How to use node.js to configure self-signing https server

https solution, including request:fail error and real device preview problem

The above is the detailed content of Steps to deploy https using nginx and node on Alibaba Cloud. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template