A, problem,

1.1 environment development tool: Nginx 1.18.0; Operating system: Linux;

1.2. How do I deploy THE HTTPS protocol for my official website?

Second, the answer

First of all, thank [Tencent Cloud platform customer service and developers for their generous assistance ~]

As we all know, HTTP is transmitted in plain text, while HTTPS is transmitted after encryption, which is relatively secure. Here’s a quick note on the holes I stepped in configuring Nginx; 1. After configuring the Nginx server to listen on port 443, execute [./ Nginx -s reload], and an error occurs

nginx:[emerg]ths "ssl" parameter requires ngx_http_ssl_module in /user/local/nginx/conf/nginx.conf:99
Copy the code

This is because it was not executed when Nginx was installed earlier

./configure
Copy the code

Did not perform

make
Copy the code

No execution (this cannot be done arbitrarily, overwriting the previous library)

make install
Copy the code

The solution here is to create a new folder and download the same version (my Nginx version is 1.18.0); Then re-execute; Here you can refer to: [Nginx installation configuration], however, you perform

./configure
Copy the code

Nginx = Nginx; Nginx = Nginx; Nginx = Nginx;

2. After the execution, port 443 is not opened. Because WHAT I buy is Tencent cloud server, so according to Tencent cloud platformOfficial Document ConfigurationTo open the port number

3. Later, I found that although port 443 was configured on the cloud platform, it seemed that port 443 was not opened locally.

Telnet The address of my server443
Copy the code

Impassability. The firewall does not block 443:

Use this command to check which ports and services the server is listening on:

 lsof -i -Pn | grep -i listen
Copy the code

Nginx = Nginx; conf = Nginx

./nginx -s reload
Copy the code

But the command didn’t seem to work and I stopped the Nginx service first

./nginx -s stop
Copy the code

And then start again

./nginx
Copy the code

Check the listening port again, find port 443, open

 lsof -i -Pn | grep -i listen
Copy the code

4, access,

https:// My domain name, found later, 403forbidden; Nginx.conf: nginx.conf: nginx.conf: nginx.conf: nginx.conf: nginx.conf

user root;
Copy the code

Then give the user permission to access our project folder:

chmod -R 755 /www/kimmol/
Copy the code

Nginx.conf () : nginx.conf () : nginx.conf () : nginx.conf () : nginx.conf

charset utf-8;
Copy the code

Can be

6. HTTPS configuration in nginx

    # HTTPS server
    #
   server {
    listen 443 ssl; 
    charset utf-8; Enter the domain name server_name www.kimmol.com. Ssl_certificate www.kimmol.com.pem; Ssl_certificate_key www.kimmol.com.key; ssl_session_timeout 5m; Ssl_protocols TLSv1 TLSv11. TLSv12.; Configure the encryption suite as follows, written in accordance with the OpenSSL standard. ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:! aNULL:! MD5:! RC4:! DHE; ssl_prefer_server_ciphers on; Location / {# site home page path. This directory is for reference only. For details, follow the actual directory. root html/kimmol; index index.html index.htm; }}Copy the code

End ~

Third, summary

Undertake project development (e-commerce, finance, live broadcasting and other Internet development projects), undertake outsourcing and other Internet business ~

Welcome to mine

CSDN blog: blog.csdn.net/River_Conti…

Wechat official account: Muqiao Community

Zhihu: zhang makino, www.zhihu.com/people/zhan…

Jane: www.jianshu.com/u/02c0096cb…

Reference: www.jb51.net/article/121… Console.cloud.tencent.com/vpc/securit…