How to upgrade https under Nginx

Purchase Certificate

You can purchase it from Alibaba Cloud's Cloud Shield Certificate Service

Download Certificate

Download the Nginx version certificate in the Certificate Console. The compressed file package downloaded to the local computer contains:

.pem file: certificate file
.key file: the private key file of the certificate (if you did not select Automatically create CSR when applying for the certificate, there will be no such file)

Configure Nginx

1. Create a cert directory in the Nginx installation directory and copy all downloaded files to the cert directory. If you created a CSR file yourself when applying for a certificate, please put the corresponding private key file in the cert directory.

2. Open the nginx.conf file in the conf directory under the Nginx installation directory

#user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

events {
  worker_connections 1024;
}

http {
  include mime.types;
  default_type application/octet-stream;

  #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
  # '$status $body_bytes_sent "$http_referer" '
  # '"$http_user_agent" "$http_x_forwarded_for"';

  #access_log logs/access.log main;

  sendfile on;
  #tcp_nopush on;

  #keepalive_timeout 0;
  keepalive_timeout 65;

  gzip on; #Enable gzip
  gzip_min_length 1k; #Resources below 1kb are not compressed gzip_comp_level 3; #Compression level [1-9]. The higher the compression level, the higher the compression rate, but also consumes more CPU resources. It is recommended to set it to around 4.
  gzip_types text/plain application/javascript application/x-javascript text/javascript text/xml text/css; #Which response types of resources need to be compressed, separated by multiple spaces. It is not recommended to compress images. We will explain why below.
  gzip_disable "MSIE [1-6]\."; #Configure the conditions for disabling gzip, supporting regular expressions. This means that gzip is not enabled for IE6 and below (because lower versions of IE do not support it)
  gzip_vary on; #Whether to add "Vary: Accept-Encoding" response header server {
    listen 80 default backlog=2048; #Configure http available listen 443 ssl; #Configure https
    server_name localhost;

    ssl_certificate ../cert/hzzly.pem; #Configure certificate file ssl_certificate_key ../cert/hzzly.key; #Configure private key file ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
      root /home/hzzly;
      index index.html index.htm;
    }

    # location ^~ /apis/ {
    # proxy_set_header Host $host;
    # proxy_set_header X-Real-IP $remote_addr;
    # proxy_set_header X-Forwarded-Server $host;
    # # Match any request starting with /apis/ and stop matching other locations
    # proxy_pass http://xxxxxxxxxx/;
    # }

    # location ^~ /assets/ {
    # gzip_static on;
    # expires max;
    # add_header Cache-Control public;
    # }
  }
}

3. Restart Nginx

$ cd /usr/local/nginx/sbin
$ ./nginx -s reload

Error details

1. If the SSL module is not enabled in Nginx, an error message will appear when configuring Https

nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in ...

Nginx enables SSL module

Switch to the source package:

$ cd /usr/local/src/nginx-1.16.0

Modify the new configure parameters

$ ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module

After the configuration is complete, run the command

$ make //Do not perform make install here, otherwise it will overwrite the installation

Back up the original installed nginx

$ cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak

Overwrite the original nginx with the newly compiled nginx

$ cp ./objs/nginx /usr/local/nginx/sbin/

Restart Nginx

$ cd /usr/local/nginx/sbin
$ ./nginx -s reload

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.

You may also be interested in:

WeChat Mini Program Server Environment Configuration Details (SSL, Nginx HTTPS, TLS 1.2 Upgrade)

<<: Analyze the difference between ES5 and ES6 apply

>>: Detailed explanation on how to avoid the pitfalls of replacing logical SQL in MySQL

Detailed explanation of CocosCreator project structure mechanism

How to upgrade https under Nginx

Detailed explanation of CocosCreator project structure mechanism

How to create a view in MySQL

Solution to the problem that the virtual machine Ubuntu 16.04 cannot connect to the Internet

MySQL login and exit command format

How to optimize the slow Like fuzzy query in MySQL

Detailed explanation of the use principle and calculation method of the umask command under Linux

How to implement scheduled automatic backup of MySQL under CentOS7

The difference between Update and select in MySQL for single and multiple tables, and views and temporary tables

MySQL high availability solution MMM (MySQL multi-master replication manager)

Solution to the problem that the Vue page image does not display

Recommend

Common failures and reasons for mysql connection failure

How to use Xtrabackup to back up and restore MySQL

Sharing some wonderful uses of wxs files in WeChat applet

Difference between var and let in JavaScript

Tutorial on installing MySQL on Alibaba Cloud Centos 7.5

Native js to implement a simple calculator

6 Practical Tips for TypeScript Development

MySql import CSV file or tab-delimited file

Understand the difference between BR and P tags through examples

Why does your height:100% not work?

Vue+element ui realizes anchor positioning

Detailed explanation of how to manually deploy a remote MySQL database in Linux

XHTML tutorial, a brief introduction to the basics of XHTML

How to use async and await in JS

HTML tag overflow processing application