The difference between http and https is
Some websites, when http is opened, the page prompts that it is not safe. For example, if you click on the following website [actually the same website]
How can I get rid of this unsafe prompt? Upgrading from http to https
Look at the final effect:
If you currently have a website, how do you upgrade it? For https
Domain name: 511easy.com
Once you have a domain name, you can apply for a free SSL certificate, as shown in the screenshot below, based on the certificates of each web server. I use nginx
Then you need to configure the nginx.conf configuration, probably using the third one below, the first two are what I use to save.
Compared with http, https is more secure, but not necessarily. Use jmeter/charles/wireshark/fiddle, etc. to generate a certificate, and you can easily capture packets of https websites. Most websites and apps. I can capture packets
upstream tomcatserver1 { server 127.0.0.1:8083; } upstream tomcatserver2 { server 127.0.0.1:8085; } server { listen 80; server_name 511easy.com; location / { proxy_pass http://tomcatserver1; index index.html index.htm; } } server { listen 80; server_name 511easy.com; location / { proxy_pass http://tomcatserver2; index index.html index.htm; } }
worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; server { listen 80; server_name 88bugs; location / { proxy_pass http://localhost:8083; } } server { listen 80; server_name jenkins; location / { proxy_pass http://localhost:8080; } } }
worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; server { listen 443 ssl; server_name www.511easy.com; ssl on; ssl_certificate 1_511easy.com_bundle.crt; ssl_certificate_key 2_511easy.com.key; ssl_session_timeout 5m; location / { proxy_pass http://localhost:8083; } } }
Consolidate the meaning of these abbreviations
http ---hyper text transfer protocol, hypertext transfer protocol, is a protocol built on tcp Stateless connection, the entire basic workflow is that the client sends an http request
https ---- hyper text transfer protocol over secure socket layer or hypertext transfer protocol secure
The full name is: Hypertext Secure Transfer Protocol, which can be simply understood as the http protocol that uses ssl encrypted transmission
The default port of http is 80, and the default port of https is 443
ssl is A security protocol that provides security and data integrity for network communications.
Why use https
In order to protect the security of information transmission and data integrity. It makes visitors feel that the website is trustworthy, and for the domestic network environment, it can also prevent broadband operators from forcing advertisements on the website.
If you want two ports on one server to execute different ports with different domain names, nginx can be configured like this
worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; server { listen 443 ssl; server_name www.88bugs.com; ssl_certificate 1_88bugs.com_bundle.crt; ssl_certificate_key 2_88bugs.com.key; ssl_session_timeout 5m; location / { proxy_pass http://localhost:8083; } } server { listen 443 ssl; server_name www.511easy.com; ssl_certificate 1_511easy.com_bundle.crt; ssl_certificate_key 2_511easy.com.key; ssl_session_timeout 5m; location / { proxy_pass http://localhost:8085; } } }
The above is the detailed content of How to upgrade Nginx from http to https. For more information, please follow other related articles on the PHP Chinese website!

To ensure website security through Nginx, the following steps are required: 1. Create a basic configuration, specify the SSL certificate and private key; 2. Optimize the configuration, enable HTTP/2 and OCSPStapling; 3. Debug common errors, such as certificate path and encryption suite issues; 4. Application performance optimization suggestions, such as using Let'sEncrypt and session multiplexing.

Nginx is a high-performance HTTP and reverse proxy server that is good at handling high concurrent connections. 1) Basic configuration: listen to the port and provide static file services. 2) Advanced configuration: implement reverse proxy and load balancing. 3) Debugging skills: Check the error log and test the configuration file. 4) Performance optimization: Enable Gzip compression and adjust cache policies.

Nginx cache can significantly improve website performance through the following steps: 1) Define the cache area and set the cache path; 2) Configure the cache validity period; 3) Set different cache policies according to different content; 4) Optimize cache storage and load balancing; 5) Monitor and debug cache effects. Through these methods, Nginx cache can reduce back-end server pressure, improve response speed and user experience.

Using DockerCompose can simplify the deployment and management of Nginx, and scaling through DockerSwarm or Kubernetes is a common practice. 1) Use DockerCompose to define and run Nginx containers, 2) implement cluster management and automatic scaling through DockerSwarm or Kubernetes.

The advanced configuration of Nginx can be implemented through server blocks and reverse proxy: 1. Server blocks allow multiple websites to be run in one instance, each block is configured independently. 2. The reverse proxy forwards the request to the backend server to realize load balancing and cache acceleration.

Nginx performance tuning can be achieved by adjusting the number of worker processes, connection pool size, enabling Gzip compression and HTTP/2 protocols, and using cache and load balancing. 1. Adjust the number of worker processes and connection pool size: worker_processesauto; events{worker_connections1024;}. 2. Enable Gzip compression and HTTP/2 protocol: http{gzipon;server{listen443sslhttp2;}}. 3. Use cache optimization: http{proxy_cache_path/path/to/cachelevels=1:2k

Nginx security enhancement can be achieved through the following steps: 1) Ensure all traffic is transmitted through HTTPS, 2) Configure HTTP headers to enhance communication security, 3) Set up SSL/TLS encrypted data transmission, 4) Implement access control and rate limiting to prevent malicious traffic, 5) Use the ngx_http_secure_link_module module to prevent SQL injection attacks. These measures can effectively improve the security of Nginx servers.

Nginx can achieve high availability and scalability by configuring load balancing. 1) Define upstream server groups, 2) Select appropriate load balancing algorithms such as polling, weighted polling, minimum connection or IP hashing, 3) Optimize configuration and monitor and adjust server weights to ensure optimal performance and stability.


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

AI Hentai Generator
Generate AI Hentai for free.

Hot Article

Hot Tools

Dreamweaver CS6
Visual web development tools

ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment

VSCode Windows 64-bit Download
A free and powerful IDE editor launched by Microsoft

mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),

Zend Studio 13.0.1
Powerful PHP integrated development environment