Home>Article>Operation and Maintenance> How to deploy https encryption authentication in Nginx

How to deploy https encryption authentication in Nginx

PHPz
PHPz forward
2023-05-22 09:52:13 1280browse

Regarding the certificate required for https, you can apply on StartSSL. For the principle part, please move on to build the website as https. The server module of nginx configures the monitoring of port 443, and sends the certificate and private key information. Also listed completely, nginx’s server module configures port 80 to force a jump to https.

How to deploy https encryption authentication in Nginx

Basic principles of HTTPS

Public key private key ssh-keygen -t rsa -C "new email" certificate, public key plus CA certification

CA is an organization that issues trusted certificates

TLS1.2 is the highest version currently, and no bugs have been found. Don't choose SSL. TLS is a subsequent version of SSL and is more secure than SSL. OpenSSL supports TLS.

As long as you understand the principles of a series of technologies such as RSA encryption and decryption, symmetric encryption and decryption, and SHA digest signature, you can understand their applications. Among them, SHA1 has been cracked by Professor Wang Xiaoyun of Shandong University, and SHA2 is used instead.

302 Browser-side jump requires re-conducting the tcp handshake

For the certificate sent by the server, the browser needs to go to its CA Verify whether it is trustworthy

The certificate private key is mainly used to negotiate the symmetric encryption key

Apply for a certificate

StartSSL is a free, globally certified certificate provider. For specific registration and usage, please refer to its official website. This blog post explains it in detail.

nginx configuration support

#redirect to httpsserver { listen 80; server_name blog.huachao.me; return 301 https://$server_name$request_uri; }

proxy & ssl

server { listen 443 ssl; server_name blog.huachao.me; ssl on; ssl_certificate /path/to/cert_file; ssl_certificate_key /path/to/private_key; location / { proxy_pass http://localhost:port; } }

The above is the detailed content of How to deploy https encryption authentication in Nginx. For more information, please follow other related articles on the PHP Chinese website!

Statement:
This article is reproduced at:yisu.com. If there is any infringement, please contact admin@php.cn delete