Introduction
Lately I finally feel I am on the right track, and things have settled down. I wanted to build something: a website with some tools I wanted and some consulting I wanted to focus on. Then I realized that my server was not "green" at all (it was not served over HTTPS), so I spent some time making it green.
Nginx on HTTPS
Applying for the certificate
I use a Tencent Cloud server, so I applied for the certificate on the official Tencent Cloud website. If you are not on Tencent Cloud, there are several other authoritative sites that issue certificates, such as StartSSL. If your server runs Linux, you can also use OpenSSL, which is installed by default.
However, I have not tried the OpenSSL method; please refer to the following for details:
www.cnblogs.com/chjbbs/p/57…
Applying for a certificate on Tencent Cloud is relatively simple. Open the following link:
console.cloud.tencent.com/ssl
Click Apply for certificate and fill in the form step by step according to the prompts. Download the certificate after verification succeeds. The files in the downloaded certificate are as follows:
Open the Nginx folder, which contains a certificate file and a .key file.
Configure nginx
Open the nginx/conf folder on the server and create a folder named ssl and, inside it, a folder named after the domain. The layout is a matter of habit; all that matters is that the paths in the configuration below are correct. I put the certificate and the key file in nginx/conf/ssl/www.haoqinzz.cn/
Then open the nginx.conf file, uncomment the HTTPS server block and modify it as follows:
# HTTPS server
server {
    # "ssl on;" is deprecated; enable TLS on the listen directive instead
    listen 443 ssl;
    server_name localhost;

    ssl_certificate ssl/www.haoqinzz.cn/1_www.haoqinzz.cn_bundle.crt;
    ssl_certificate_key ssl/www.haoqinzz.cn/2_www.haoqinzz.cn.key;
    ssl_session_timeout 5m;
    # SSLv2, SSLv3 and TLSv1 are obsolete and insecure; allow only TLS 1.2 and 1.3
    # (TLSv1.3 needs nginx 1.13.0+ built with OpenSSL 1.1.1+; drop it on older builds)
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # this file must exist, e.g. created with: openssl dhparam -out dhparam.pem 2048
    ssl_dhparam ssl/certs/dhparam.pem;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
    keepalive_timeout 70;
    ssl_session_cache shared:SSL:10m;
    # HSTS plus clickjacking and MIME-sniffing protection headers
    add_header Strict-Transport-Security max-age=63072000;
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;

    location / {
        root html;
        index index.html index.htm;
    }
}
Then restart the nginx service and open https://haoqinzz.cn to see the nginx welcome page. At this point, however, http://haoqinzz.cn is still accessible as well, so if you want HTTPS across the whole site you also need to modify the HTTP server block to redirect HTTP to HTTPS:
server {
    listen 80;
    server_name haoqinzz.cn www.haoqinzz.cn;
    return 301 https://haoqinzz.cn$request_uri;
}
Now entering http://haoqinzz.cn redirects to https://haoqinzz.cn, but there is still a big problem: my previous projects can no longer be accessed.
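A static check of the directives configured in this section, as an added example that is not part of the original post: it flags the deprecated "ssl on", legacy versions in ssl_protocols, a missing HSTS header, and a port 80 server block that does not redirect to HTTPS. The WEAK and HARDENED configs and the example.test name are constructed, and the parser is a simplified one that assumes no include files and no "#" or braces inside quoted strings.

```javascript
// Added example: static audit of the nginx TLS directives discussed above.
// WEAK and HARDENED are constructed configs; example.test is a placeholder name.
const LEGACY = new Set(['SSLv2', 'SSLv3', 'TLSv1', 'TLSv1.1']);

// Body of every `server { ... }` block, found by brace matching.
function serverBlocks(conf) {
  const text = conf.replace(/#[^\n]*/g, ''); // strip comments
  const blocks = [], re = /\bserver\s*\{/g;
  while (re.exec(text) !== null) {
    let depth = 1, i = re.lastIndex;
    for (; i < text.length && depth > 0; i++)
      depth += text[i] === '{' ? 1 : text[i] === '}' ? -1 : 0;
    blocks.push(text.slice(re.lastIndex, i - 1));
    re.lastIndex = i;
  }
  return blocks;
}

// Argument strings of one directive in a block, e.g. 'listen' -> ['443 ssl'].
function values(block, name) {
  const re = new RegExp('(?:^|[;{}\\s])' + name + '\\s+([^;]*);', 'g');
  return [...block.matchAll(re)].map(m => m[1].trim());
}

// One finding per weak or missing setting, over all server blocks.
function audit(conf) {
  const findings = [];
  for (const b of serverBlocks(conf)) {
    const listens = values(b, 'listen');
    const sslOn = /\bssl\s+on\s*;/.test(b);
    if (sslOn || listens.some(l => /\bssl\b/.test(l))) {
      if (sslOn) findings.push('deprecated "ssl on"; use "listen 443 ssl"');
      const legacy = values(b, 'ssl_protocols')
        .flatMap(v => v.split(/\s+/)).filter(p => LEGACY.has(p));
      if (legacy.length) findings.push('legacy protocols: ' + legacy.join(' '));
      if (!values(b, 'add_header').some(h => /^Strict-Transport-Security\b/i.test(h)))
        findings.push('HSTS header missing');
    } else if (listens.some(l => /(^|:)80\b/.test(l)) &&
               !values(b, 'return').some(r => /^30[1278]\s+https:\/\//.test(r))) {
      findings.push('port 80 server does not redirect to https');
    }
  }
  return findings;
}

const WEAK = `server { listen 80; server_name example.test; }
server { listen 443; ssl on; ssl_protocols SSLv2 SSLv3 TLSv1; }`;
const HARDENED = `server { listen 80; return 301 https://example.test$request_uri; }
server { listen 443 ssl; ssl_protocols TLSv1.2 TLSv1.3; add_header Strict-Transport-Security max-age=63072000; }`;
```

Calling audit() on the text of a real nginx.conf returns an empty array when none of these four issues is present.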
Getting the projects on the server running again
Ordinary projects
After enabling HTTPS on the server, the home page had changed and all my projects were gone, so I went to look at the nginx configuration file:
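# HTTPS server
server {
    # "ssl on;" is deprecated; enable TLS on the listen directive instead
    listen 443 ssl;
    server_name localhost;

    ssl_certificate ssl/www.haoqinzz.cn/1_www.haoqinzz.cn_bundle.crt;
    ssl_certificate_key ssl/www.haoqinzz.cn/2_www.haoqinzz.cn.key;
    ssl_session_timeout 5m;
    # SSLv2, SSLv3 and TLSv1 are obsolete and insecure; allow only TLS 1.2 and 1.3
    # (TLSv1.3 needs nginx 1.13.0+ built with OpenSSL 1.1.1+; drop it on older builds)
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # this file must exist, e.g. created with: openssl dhparam -out dhparam.pem 2048
    ssl_dhparam ssl/certs/dhparam.pem;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
    keepalive_timeout 70;
    ssl_session_cache shared:SSL:10m;
    # HSTS plus clickjacking and MIME-sniffing protection headers
    add_header Strict-Transport-Security max-age=63072000;
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;

    location / {
        # document root of the HTTPS site, relative to the nginx prefix directory
        root html;
        index index.html index.htm;
    }
}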
I found that the root folder of the HTTPS server was html, so I moved the original files there and they became accessible again. ✊
Nginx reverse proxy project
On the server, I also had a project behind an Nginx reverse proxy. After the upgrade to HTTPS, unsurprisingly, every API call returned 404.
In the nginx reverse proxy configuration file, change the listen port from 80 to 443 and change the protocol used from HTTP to HTTPS, then restart. At this point the URL is found, but it returns a 502 error. After careful investigation, I found that this was because I was starting the service over HTTP; I needed to switch it to HTTPS and configure the certificate files:
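var https = require('https');
const fs = require('fs');

// 'key' and 'crt' stand for the paths to the private key and certificate files
const options = {
    key: fs.readFileSync('key'),
    cert: fs.readFileSync('crt')
};
// app is the project's existing request handler, defined elsewhere
var server = https.createServer(options, app);
So the data is available again.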