preface

This article describes how to resolve the secondary domain name and configure the SSL certificate, and HTTP redirects to HTTPS. Note: Be sure to read through this article before you get started, and when some errors occur during the installation, see the error handling section at the bottom.

1. Resolve the domain name

Just look at the picture below.

2. Apply for an SSL certificate

Parsing is simple, and we go on to apply for an SSL certificate.

When registering a domain name, you can apply for a free SSL certificate. You can apply for a free secondary domain name certificate, which must be consistent with the above secondary domain name.

Certificate download nginx, we will get the key and pem files

3. Install nginx

3.1 Installing Various Dependencies

# install GCC, nginx source compiler required
yum install gcc-c++

#PCRE pcre-devel install. Nginx's HTTP module uses PCRE to parse regular expressions
yum install -y pcre pcre-devel

Nginx uses zlib to gzip the contents of HTTP packages
yum install -y zlib zlib-devel

Nginx supports not only HTTP but also HTTPS (that is, HTTP is transmitted over SSL).
yum install -y openssl openssl-devel
Copy the code

3.2 Downloading the Nginx source

【 official website link 】

Download using the wget command (recommended)

# Download version number can be adjusted according to the latest stable version on the official websiteWget -c https://nginx.org/download/nginx-1.16.1.tar.gzCopy the code
Use the ls command to see the downloaded nginx package, and then decompress itThe tar - ZXVF nginx - 1.16.1. Tar. Gz# Decompress and enter the directory
cdNginx - 1.16.1Copy the code

4. Configure SSL

/configure does not install the SSL module. Run the following commands in sequence:

./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module  --with-http_realip_module 
make
make install
Copy the code

SSL configuration for nginx

Go to the nginx configuration file directory and find the nginx configuration file nginx.conf
cd /usr/local/nginx/conf/

# Direct modification
vi nginx.conf
Copy the code
server {
     listen  443 ssl;
     server_name  www.xxx.com;

   # ssl on;Ssl_certificate /etc/ssl/certs/certificate name. pem; Ssl_certificate_key /etc/ssl/certs/Certificate name. Key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:! NULL:! aNULL:! MD5:! ADH:! RC4; Ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { proxy_pass http://localhost:8080; }}Copy the code

The certificate must be stored in /etc/ssl/certs/certificate name.pem. Otherwise, an error will be reported.

www.yy.xxx.com for your secondary domain.

5. Configure domain name mapping

Go to the nginx configuration file directory and find the nginx configuration file nginx.conf
cd /usr/local/nginx/conf/

# Direct modification
vi nginx.conf
Copy the code
 server {
        listen       80;
        server_name  www.yy.xxx.com;

        #charset koi8-r;

        #access_log logs/host.access.log main;
        rewrite ^(.*)$  https://$hostThe $1 permanent; # used to redirect HTTP pages to HTTPS pages

        location / {
            proxy_pass http://localhost:8080;
        }

Copy the code

6. Reload the configuration file

When the modification is complete, reload the configuration file
cd /usr/local/nginx/sbin/
./nginx -s reload
Copy the code

7. Some errors are reported

[WARN] The “SSL” directive is deprecated and will be deprecated in the future: use the “SSL” directive… ssl” directive instead in /etc/nginx/vhost/api.conf:16

nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/vhost/api.conf:16
Copy the code

Solution: Change SSL on to the following:

#listen 443; Modify the row information as follows
listen 443 ssl; 
server_name xxx.xxxx.com; 
#ssl on; Comment on this line
Copy the code

[error] 7.2 open () “/ usr/local/nginx/logs/nginx pid” failed

Nginx: [error] open() "/usr/local/ nginx/logs/nginx. Pid "failedCopy the code

Solution:

# Execute command
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
Copy the code

Use the nginx -c argument to specify the location of the nginx.conf file

If:

Nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)

Killall -9 nginx kill the nginx process and restart it.

In addition There is a very important may ps – ef | grep nginx see home directory is where is installed two hateful nginx haha nginx

8. Summary & References

summary

This method does not need to record the second level domain name (the first level domain name has been recorded), and has an SSL certificate, the use of really great.

The resources

  • Centos7 Install Nginx and use Nginx to record the original
  • Install Nginx in CentOS7 and configure the SSL certificate
  • Solve nginx: [error] open () “/ usr/local/nginx/logs/nginx pid” failed error
  • Nginx failed to configure SSL