How to configure Nginx SSL certificate to deploy HTTPS website
Self-issued ssl certificate that is not trusted by the browser
Manually issued
xshell logs in to the server and uses openssl to generate rsa Key and certificate
# 生成一个rsa密钥 $ openssl genrsa -des3 -out tfjybj.key 1024 # 拷贝一个不需要输入密码的密钥文件 $ openssl rsa -in dmsdbj.key -out tfjybj_nopass.key # 生成一个证书请求 $ openssl req -new -key tfjybj.key -out tfjybj.csr
Here you will be prompted to enter information such as province, city, domain name, etc. The email must be the domain name suffix. This generates a csr file, which is the csr file when submitted to the ssl provider.
(Since I don’t have a screenshot here, I found a picture from the Internet. What needs to be replaced is the 33iq below, which is replaced by tfjybj)
When entering the password in the middle , nothing is displayed, but just enter it
# 自己签发证书 $ openssl x509 -req -days 365 -in tfjybj.csr -signkey tfjybj.key -out tfjybj.crt
Put the generated certificate in the same directory as the nginx configuration file;
nginx configuration
Edit the nginx configuration file nginx.conf and add https protocol
server { server_name tfjybj.com; listen 443; ssl on; ssl_certificate /usr/local/nginx/conf/tfjybj.crt; ssl_certificate_key /usr/local/nginx/conf/tfjybj_nopass.key; # 若ssl_certificate_key使用tfjybj.key,则每次启动nginx服务器都要求输入key的密码。 (开始我不知道,纳闷为啥启动nginx、关闭nginx都要输入密码) }
Restart nginx
Issue it yourself The SSL certificate can realize the encrypted transmission function, but the browser does not trust it and will give a prompt:
Certificate issued through a third party – Alibaba Cloud
Issue Certificate
Log in to the Alibaba Cloud Management Console, select [Certificate Service] from the [Cloud Shield] menu, and choose to purchase a certificate;
I got the free version for testing. After applying, after a day or two of review, I can download the certificate. After downloading and decompressing, there are two files, one ending with key, the private key, and the other ending with pem, the public key;
Configuring nginx
File description:
The certificate file "Application Certificate Name.pem" contains two paragraphs of content. Please do not delete either paragraph.
If it is a csr created by the certificate system, it also includes: certificate private key file "applied certificate name.key".
(1) Create the cert directory in the nginx installation directory, and copy all the downloaded files to the cert directory. If you create a csr file yourself when applying for a certificate, please put the corresponding private key file in the cert directory and name it "applied certificate name.key";
(2) Open conf in the nginx installation directory nginx.conf file in the directory, find:
# https server # #server { # listen 443; # server_name localhost; # ssl on; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_timeout 5m; # ssl_protocols sslv2 sslv3 tlsv1; # ssl_ciphers all:!adh:!export56:rc4+rsa:+high:+medium:+low:+sslv2:+exp; # ssl_prefer_server_ciphers on; # location / { # # #} #}
(3) Modify it to (The attributes starting with ssl among the following attributes are directly related to the certificate configuration. Please copy or adjust other attributes based on your actual situation. ) :
server { listen 443; server_name localhost; ssl on; root html; index index.html index.htm; ssl_certificate cert/申请的证书名字.pem; ssl_certificate_key cert/申请的证书名字.key; ssl_session_timeout 5m; ssl_ciphers ecdhe-rsa-aes128-gcm-sha256:ecdhe:ecdh:aes:high:!null:!anull:!md5:!adh:!rc4; ssl_protocols tlsv1 tlsv1.1 tlsv1.2; ssl_prefer_server_ciphers on; location / { root html; index index.html index.htm; } }
Save and exit.
(4) Restart nginx.
(5) Access your site via https
The above is the detailed content of How to configure Nginx SSL certificate to deploy HTTPS website. For more information, please follow other related articles on the PHP Chinese website!

Hot AI Tools

Undress AI Tool
Undress images for free

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Clothoff.io
AI clothes remover

Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Hot Tools

Notepad++7.3.1
Easy-to-use and free code editor

SublimeText3 Chinese version
Chinese version, very easy to use

Zend Studio 13.0.1
Powerful PHP integrated development environment

Dreamweaver CS6
Visual web development tools

SublimeText3 Mac version
God-level code editing software (SublimeText3)

PHP code can be executed in many ways: 1. Use the command line to directly enter the "php file name" to execute the script; 2. Put the file into the document root directory and access it through the browser through the web server; 3. Run it in the IDE and use the built-in debugging tool; 4. Use the online PHP sandbox or code execution platform for testing.

Understanding Nginx's configuration file path and initial settings is very important because it is the first step in optimizing and managing a web server. 1) The configuration file path is usually /etc/nginx/nginx.conf. The syntax can be found and tested using the nginx-t command. 2) The initial settings include global settings (such as user, worker_processes) and HTTP settings (such as include, log_format). These settings allow customization and extension according to requirements. Incorrect configuration may lead to performance issues and security vulnerabilities.

Linux system restricts user resources through the ulimit command to prevent excessive use of resources. 1.ulimit is a built-in shell command that can limit the number of file descriptors (-n), memory size (-v), thread count (-u), etc., which are divided into soft limit (current effective value) and hard limit (maximum upper limit). 2. Use the ulimit command directly for temporary modification, such as ulimit-n2048, but it is only valid for the current session. 3. For permanent effect, you need to modify /etc/security/limits.conf and PAM configuration files, and add sessionrequiredpam_limits.so. 4. The systemd service needs to set Lim in the unit file

When configuring Nginx on Debian system, the following are some practical tips: The basic structure of the configuration file global settings: Define behavioral parameters that affect the entire Nginx service, such as the number of worker threads and the permissions of running users. Event handling part: Deciding how Nginx deals with network connections is a key configuration for improving performance. HTTP service part: contains a large number of settings related to HTTP service, and can embed multiple servers and location blocks. Core configuration options worker_connections: Define the maximum number of connections that each worker thread can handle, usually set to 1024. multi_accept: Activate the multi-connection reception mode and enhance the ability of concurrent processing. s

NGINXserveswebcontentandactsasareverseproxy,loadbalancer,andmore.1)ItefficientlyservesstaticcontentlikeHTMLandimages.2)Itfunctionsasareverseproxyandloadbalancer,distributingtrafficacrossservers.3)NGINXenhancesperformancethroughcaching.4)Itofferssecur

Diagnosis and solutions for common errors of Nginx include: 1. View log files, 2. Adjust configuration files, 3. Optimize performance. By analyzing logs, adjusting timeout settings and optimizing cache and load balancing, errors such as 404, 502, 504 can be effectively resolved to improve website stability and performance.

DebianApache2's SEO optimization skills cover multiple levels. Here are some key methods: Keyword research: Use tools (such as keyword magic tools) to mine the core and auxiliary keywords of the page. High-quality content creation: produce valuable and original content, and the content needs to be conducted in-depth research to ensure smooth language and clear format. Content layout and structure optimization: Use titles and subtitles to guide reading. Write concise and clear paragraphs and sentences. Use the list to display key information. Combining multimedia such as pictures and videos to enhance expression. The blank design improves the readability of text. Technical level SEO improvement: robots.txt file: Specifies the access rights of search engine crawlers. Accelerate web page loading: optimized with the help of caching mechanism and Apache configuration

Through Docker containerization technology, PHP developers can use PhpStorm to improve development efficiency and environmental consistency. The specific steps include: 1. Create a Dockerfile to define the PHP environment; 2. Configure the Docker connection in PhpStorm; 3. Create a DockerCompose file to define the service; 4. Configure the remote PHP interpreter. The advantages are strong environmental consistency, and the disadvantages include long startup time and complex debugging.
