Nginx Configuration for SSL Certificates


After successfully configuring the SSL certificate, you will be able to securely access your Nginx server through an HTTPS encrypted channel.

Installing Nginx

Skip this step if Nginx is already installed.

Use the wget command to download the Nginx installation package to the /usr/local/ directory on your Linux server:

wget -c http://nginx.org/download/nginx-1.24.0.tar.gz

1. Install Nginx Dependencies

Install the required dependencies for Nginx:

yum install -y gcc-c++ zlib zlib-devel openssl openssl-devel pcre pcre-devel

2. Install Nginx: Extract the Nginx Installation Package

tar -zxvf nginx-1.24.0.tar.gz

Enter the extracted source directory (the unpacked tarball, not /usr/local/nginx, which is only created by the install step below):

cd /usr/local/nginx-1.24.0

Run the configure script. The --with-http_ssl_module option is what makes the ssl directives used later available; a --prefix option can be added to choose the installation directory, and without it Nginx installs under /usr/local/nginx:

./configure --with-http_stub_status_module --with-http_ssl_module

3. Compile and Install Nginx

Run the following commands to compile and install Nginx:

make && make install

4. Start Nginx Service

Once installed, Nginx will be located under /usr/local/nginx, with the binary at /usr/local/nginx/sbin/nginx. From the sbin directory, start Nginx with:

./nginx

To reload the configuration (Nginx re-reads nginx.conf and gracefully replaces its worker processes):

./nginx -s reload

To stop:

./nginx -s stop

Alternatively, start Nginx with a specified configuration file:

./nginx -c /usr/local/nginx/conf/nginx.conf

5. Check if Nginx Started Successfully

To check if Nginx is running:

ps -ef | grep nginx

6. Set Nginx to Start on Boot

Edit the /etc/rc.local file and add the following line at the bottom (on systemd-based distributions the file must also be marked executable, otherwise it is ignored at boot):

/usr/local/nginx/sbin/nginx

7. Edit the Nginx Configuration File

Edit the nginx.conf file located in the conf directory of your installation:

server {
    listen       80;
    server_name  yourdomain.com; # Replace with your domain or IP address
    
    location / {
        root   /path/to/your/vuepress/site; # Replace with your VuePress site path, i.e. the directory holding the static files produced by `npm run build`
        index  index.html index.htm;
        
        try_files $uri $uri/ /index.html;
    }
}

Install SSL Certificates on Nginx Server

1. Create a cert directory to store the certificates in the Nginx conf directory:

Navigate to the Nginx conf directory and create the cert directory:

cd /usr/local/nginx/conf
mkdir cert

Move the certificate files into the cert directory. The certificate files include:

  • .pem: The certificate file in PEM format (a PEM-encoded file with a .crt extension is the same thing and can be used as-is).

  • .key: The certificate key file (if you didn't choose to automatically generate a CSR when applying for the certificate, you need to manually copy your private key into this directory).

2. Modify the nginx.conf file:

Edit the nginx.conf file and uncomment the HTTPS server block, modifying it as follows. The block does not set ssl_protocols, so the Nginx default applies; on 1.24.0 that is TLSv1.2 and TLSv1.3 (builds before 1.23.4 also enable TLSv1 and TLSv1.1 by default):

server {
    listen       443 ssl;
    server_name  it-blog-cn.com;

    ssl_certificate      /usr/local/nginx/conf/cert/it-blog-cn.com.pem;
    ssl_certificate_key  /usr/local/nginx/conf/cert/it-blog-cn.com.key;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
        root   html;
        index  index.html index.htm;
    }
}

3. Check Nginx Configuration Syntax

Run the following command to check the Nginx configuration for errors:

../sbin/nginx -t

If the certificate file path is incorrect, you will get an error message. If successful, you will see:

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

4. Reload Nginx to Apply Changes

Run the following command to reload Nginx:

nginx -s reload

5. Check if Port 443 is Open

To check if the server is listening on port 443, run:

netstat -ntlp | grep 443

6. Check Firewall Status

Check if the firewall is running and if port 443 is open:

firewall-cmd --state

If port 443 is not open, add it with:

firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --reload

7. Test HTTPS Connection

To test the HTTPS connection locally on port 443, run the following command. It connects to 127.0.0.1 and sends it-blog-cn.com as the SNI name, so replace that with your own domain:

echo | openssl s_client -connect 127.0.0.1:443 -servername it-blog-cn.com 2>/dev/null

If the output shows the server certificate chain followed by an SSL session (protocol, cipher and session ID), the HTTPS service is running with the configured SSL certificate. The handshake completes even when the chain cannot be verified, so also read the Verify return code line in the output.


Force HTTP to Redirect to HTTPS

Modify nginx.conf

[root@iZuf65h6i43ltlzhqolumyZ conf]# vim nginx.conf

Add the line rewrite ^(.*)$ https://$host$1; below the listen 80 directive, then run nginx -t to check the syntax and nginx -s reload to apply the change. Without the permanent flag the rewrite answers with a temporary 302 redirect; append permanent to the directive to send a 301 instead.

server {
    listen       80;
    server_name  localhost;

    rewrite ^(.*)$ https://$host$1;
}
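As an added check for step 7 (Test HTTPS Connection) and for the redirect configured above, the following Python script (written for this page, not part of it) behaves like a real client: it expects port 80 to redirect to https:// and performs a fully verified TLS handshake on port 443 (chain and hostname checked against the SNI name, which the bare openssl s_client command does not do), reporting protocol, cipher and days until the certificate expires. It assumes the domain resolves to the server; it-blog-cn.com is only a default taken from the page.

```python
import http.client
import socket
import ssl
from datetime import datetime, timezone

def classify_redirect(status, location, host):
    """Judge the port-80 response: it should be a 301/308 to https://<host>/..."""
    if status not in (301, 302, 307, 308):
        return f"no redirect (HTTP {status})"
    if not location or not location.lower().startswith(f"https://{host.lower()}"):
        return f"redirect to unexpected location: {location!r}"
    note = "" if status in (301, 308) else " (temporary; a 301 is preferable)"
    return f"ok: {status} -> {location}{note}"

def days_until_expiry(not_after, now=None):
    """not_after is the string from getpeercert(), e.g. 'Jun  1 12:00:00 2030 GMT'."""
    expiry = ssl.cert_time_to_seconds(not_after)   # parsed as UTC, locale-independent
    now = datetime.now(timezone.utc).timestamp() if now is None else now
    return int((expiry - now) // 86400)

def check_redirect(host, port=80, timeout=5):
    """GET / over plain HTTP and classify the response (no redirects are followed)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    conn.request("GET", "/", headers={"Host": host})
    resp = conn.getresponse()
    return classify_redirect(resp.status, resp.getheader("Location"), host)

def check_tls(host, port=443, timeout=5):
    """Verified handshake: the default context checks the chain and the hostname (SNI)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {"protocol": tls.version(), "cipher": tls.cipher()[0],
                    "subject": dict(rdn[0] for rdn in cert["subject"]),
                    "days_left": days_until_expiry(cert["notAfter"])}

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "it-blog-cn.com"   # domain from the page
    print("HTTP :", check_redirect(host))
    print("HTTPS:", check_tls(host))
```

A self-signed or mis-issued certificate makes check_tls raise ssl.SSLCertVerificationError, which is the failure the page's openssl one-liner would silently pass over.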

Nginx Configuration File

Full configuration of nginx.conf

#user  nobody;

worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       mime.types;

    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        server_name  it-blog-cn.com;

        rewrite ^(.*)$ https://$host$1;
        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            proxy_pass http://127.0.0.1:8080/; # Proxy address and port
            client_max_body_size 100M;

            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Real-PORT $remote_port;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # append the client IP to any existing chain
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ .php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ .php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /.ht {
        #    deny  all;
        #}
    }

    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

    # HTTPS server
    #

    server {
        listen       443 ssl;
        server_name  it-blog-cn.com;

        ssl_certificate     /usr/local/nginx/conf/cert/it-blog-cn.com.pem;
        ssl_certificate_key  /usr/local/nginx/conf/cert/it-blog-cn.com.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            root   html;
            index  index.html index.htm;
        }
    }
}
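As an added example (not part of the page), the following Python script audits a configuration of the shape shown above: it walks the server blocks, expects the ssl listener to declare ssl_certificate, ssl_certificate_key and ssl_protocols (the page's block omits ssl_protocols and so relies on the Nginx default, TLSv1.2 and TLSv1.3 on 1.23.4 and later), and expects the plain-HTTP server to redirect to https:// with a permanent 301. SAMPLE_CONF is a constructed excerpt modelled on the page's config, not the live file.

```python
import re
# Constructed excerpt modelled on this page's nginx.conf (sample input, not the live file)
SAMPLE_CONF = """
http {
    server {
        listen       80;
        rewrite ^(.*)$ https://$host$1;
    }
    server {
        listen       443 ssl;
        ssl_certificate      /usr/local/nginx/conf/cert/it-blog-cn.com.pem;
        ssl_certificate_key  /usr/local/nginx/conf/cert/it-blog-cn.com.key;
    }
}
"""

def server_blocks(conf):
    """Body text of every server { ... } block, found by a brace-depth scan (comments stripped)."""
    text = re.sub(r"#.*", "", conf)
    blocks, depth, start, start_depth = [], 0, None, 0
    for m in re.finditer(r"\bserver\s*\{|\{|\}", text):
        if m.group() != "}":
            if m.group() != "{" and start is None:   # a "server {" opener
                start, start_depth = m.end(), depth
            depth += 1
        elif (depth := depth - 1) == start_depth and start is not None:
            blocks.append(text[start:m.start()])   # closing brace of the open server block
            start = None
    return blocks

def directive(block, name):
    # Arguments of the first `name ...;` line in the block, or None if it is absent
    m = re.search(r"(?m)^\s*%s\s+([^;]+);" % name, block)
    return m.group(1).split() if m else None

def audit(conf):
    # One finding per problem; an empty list means every check passed
    findings = []
    for b in server_blocks(conf):
        if "ssl" in (directive(b, "listen") or []):
            for d in ("ssl_certificate", "ssl_certificate_key", "ssl_protocols"):
                if not directive(b, d):
                    findings.append(f"TLS server does not set {d}")
        else:
            target = " ".join(directive(b, "rewrite") or directive(b, "return") or [])
            if "https://" not in target:
                findings.append("plain-HTTP server does not redirect to https://")
            elif directive(b, "rewrite") and "permanent" not in target:
                findings.append("rewrite redirect is a temporary 302; add 'permanent' for a 301")
    return findings
```

Run audit(open("/usr/local/nginx/conf/nginx.conf").read()) on the server to check the real file; on SAMPLE_CONF it reports the missing ssl_protocols and the 302 rewrite.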