A, problem,
1.1 environment development tool: Nginx 1.18.0; Operating system: Linux;
1.2. How do I deploy THE HTTPS protocol for my official website?
Second, the answer
First of all, thank [Tencent Cloud platform customer service and developers for their generous assistance ~]
As we all know, HTTP is transmitted in plain text, while HTTPS is transmitted after encryption, which is relatively secure. Here’s a quick note on the holes I stepped in configuring Nginx; 1. After configuring the Nginx server to listen on port 443, execute [./ Nginx -s reload], and an error occurs
nginx:[emerg]ths "ssl" parameter requires ngx_http_ssl_module in /user/local/nginx/conf/nginx.conf:99
Copy the code
This is because it was not executed when Nginx was installed earlier
./configure
Copy the code
Did not perform
make
Copy the code
No execution (this cannot be done arbitrarily, overwriting the previous library)
make install
Copy the code
The solution here is to create a new folder and download the same version (my Nginx version is 1.18.0); Then re-execute; Here you can refer to: [Nginx installation configuration], however, you perform
./configure
Copy the code
Nginx = Nginx; Nginx = Nginx; Nginx = Nginx;
2. After the execution, port 443 is not opened. Because WHAT I buy is Tencent cloud server, so according to Tencent cloud platformOfficial Document ConfigurationTo open the port number
3. Later, I found that although port 443 was configured on the cloud platform, it seemed that port 443 was not opened locally.
Telnet The address of my server443
Copy the code
Impassability. The firewall does not block 443:
Use this command to check which ports and services the server is listening on:
lsof -i -Pn | grep -i listen
Copy the code
Nginx = Nginx; conf = Nginx
./nginx -s reload
Copy the code
But the command didn’t seem to work and I stopped the Nginx service first
./nginx -s stop
Copy the code
And then start again
./nginx
Copy the code
Check the listening port again, find port 443, open
lsof -i -Pn | grep -i listen
Copy the code
4, access,
https:// My domain name, found later, 403forbidden; Nginx.conf: nginx.conf: nginx.conf: nginx.conf: nginx.conf: nginx.conf
user root;
Copy the code
Then give the user permission to access our project folder:
chmod -R 755 /www/kimmol/
Copy the code
Nginx.conf () : nginx.conf () : nginx.conf () : nginx.conf () : nginx.conf
charset utf-8;
Copy the code
Can be
6. HTTPS configuration in nginx
# HTTPS server
#
server {
listen 443 ssl;
charset utf-8; Enter the domain name server_name www.kimmol.com. Ssl_certificate www.kimmol.com.pem; Ssl_certificate_key www.kimmol.com.key; ssl_session_timeout 5m; Ssl_protocols TLSv1 TLSv11. TLSv12.; Configure the encryption suite as follows, written in accordance with the OpenSSL standard. ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:! aNULL:! MD5:! RC4:! DHE; ssl_prefer_server_ciphers on; Location / {# site home page path. This directory is for reference only. For details, follow the actual directory. root html/kimmol; index index.html index.htm; }}Copy the code
End ~
Third, summary
Undertake project development (e-commerce, finance, live broadcasting and other Internet development projects), undertake outsourcing and other Internet business ~
Welcome to mine
CSDN blog: blog.csdn.net/River_Conti…
Wechat official account: Muqiao Community
Zhihu: zhang makino, www.zhihu.com/people/zhan…
Jane: www.jianshu.com/u/02c0096cb…
Reference: www.jb51.net/article/121… Console.cloud.tencent.com/vpc/securit…