A, problem,
1.1 environment development tool: Nginx 1.18.0; Operating system: Linux;
1.2. How do I deploy THE HTTPS protocol for my official website?
Second, the answer
First of all, thank [Tencent Cloud platform customer service and developers for their generous assistance ~]
As we all know, HTTP is transmitted in plain text, while HTTPS is transmitted after encryption, which is relatively secure. Here’s a quick note on the holes I stepped in configuring Nginx; 1. After configuring the Nginx server to listen on port 443, execute [./ Nginx -s reload], and an error occurs
nginx:[emerg]ths "ssl" parameter requires ngx_http_ssl_module in /user/local/nginx/conf/nginx.conf:99
Copy the codeThis is because it was not executed when Nginx was installed earlier
./configure
Copy the codeDid not perform
make
Copy the codeNo execution (this cannot be done arbitrarily, overwriting the previous library)
make install
Copy the codeThe solution here is to create a new folder and download the same version (my Nginx version is 1.18.0); Then re-execute; Here you can refer to: [Nginx installation configuration], however, you perform
./configure
Copy the codeNginx = Nginx; Nginx = Nginx; Nginx = Nginx;
2. After the execution, port 443 is not opened. Because WHAT I buy is Tencent cloud server, so according to Tencent cloud platformOfficial Document ConfigurationTo open the port number
3. Later, I found that although port 443 was configured on the cloud platform, it seemed that port 443 was not opened locally.
Telnet The address of my server443
Copy the codeImpassability. The firewall does not block 443:
Use this command to check which ports and services the server is listening on:
lsof -i -Pn | grep -i listen
Copy the codeNginx = Nginx; conf = Nginx
./nginx -s reload
Copy the codeBut the command didn’t seem to work and I stopped the Nginx service first
./nginx -s stop
Copy the codeAnd then start again
./nginx
Copy the codeCheck the listening port again, find port 443, open
lsof -i -Pn | grep -i listen
Copy the code4, access,
https:// My domain name, found later, 403forbidden; Nginx.conf: nginx.conf: nginx.conf: nginx.conf: nginx.conf: nginx.conf
user root;
Copy the codeThen give the user permission to access our project folder:
chmod -R 755 /www/kimmol/
Copy the codeNginx.conf () : nginx.conf () : nginx.conf () : nginx.conf () : nginx.conf
charset utf-8;
Copy the codeCan be
6. HTTPS configuration in nginx
# HTTPS server
#
server {
listen 443 ssl;
charset utf-8; Enter the domain name server_name www.kimmol.com. Ssl_certificate www.kimmol.com.pem; Ssl_certificate_key www.kimmol.com.key; ssl_session_timeout 5m; Ssl_protocols TLSv1 TLSv11. TLSv12.; Configure the encryption suite as follows, written in accordance with the OpenSSL standard. ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:! aNULL:! MD5:! RC4:! DHE; ssl_prefer_server_ciphers on; Location / {# site home page path. This directory is for reference only. For details, follow the actual directory. root html/kimmol; index index.html index.htm; }}Copy the codeEnd ~
Third, summary
Undertake project development (e-commerce, finance, live broadcasting and other Internet development projects), undertake outsourcing and other Internet business ~
Welcome to mine
CSDN blog: blog.csdn.net/River_Conti…
Wechat official account: Muqiao Community
Zhihu: zhang makino, www.zhihu.com/people/zhan…
Jane: www.jianshu.com/u/02c0096cb…
Reference: www.jb51.net/article/121… Console.cloud.tencent.com/vpc/securit…