search

Home  >  Article  >  Operation and Maintenance  >  Nginx with SSL: Configure HTTPS to protect your web server

Nginx with SSL: Configure HTTPS to protect your web server

WBOY
WBOYOriginal
2023-06-09 21:24:28860browse

Nginx is a high-performance web server software and a powerful reverse proxy server and load balancer. With the rapid development of the Internet, more and more websites are beginning to use the SSL protocol to protect sensitive user data, and Nginx also provides powerful SSL support, making the security performance of the web server even further.

This article will introduce how to configure Nginx to support the SSL protocol and protect the security performance of the web server.

What is SSL protocol?

SSL (Secure Sockets Layer) is a protocol for encrypted data transmission. Through the SSL protocol, communications between two computers are encrypted, protecting sensitive data from being stolen by hackers and spies. Many websites use the SSL protocol to protect users' personal information, credit card numbers, login credentials and other information.

The implementation of the SSL protocol is accomplished through digital certificates. Digital certificates are issued by some trusted third-party organizations. The certificate contains the public key of the website and some metadata information. When the user connects to the website, the server will send a digital certificate, and then the user's browser will verify the digital certificate. Perform verification to ensure communications are safe and reliable.

Nginx’s SSL module

Nginx provides an SSL module named ngx_http_ssl_module to provide SSL protocol support. Most modern web browsers support the SSL protocol, so enabling SSL is the best way to protect data transmission between the web server and the client.

Install SSL Certificate

Before using the SSL protocol, you must first install the SSL certificate. To install an SSL certificate, you can contact a digital certificate authority (CA) to obtain a certificate, or you can achieve this through a self-signed certificate.

A self-signed certificate is an untrusted certificate used primarily for testing and debugging purposes. First, the "Authority" that signed the certificate should be yourself, and then generate the certificate. To create a self-signed certificate, you can use the following command: 

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /path/to/your/key.pem -out /path/to/your/cert.pem

After generating the certificate, you only need to put it on the server and add the certificate path to the Nginx configuration file.

Configuring Nginx to support SSL

The following are the steps to configure Nginx to support SSL:

  1. Install nginx: If Nginx has not been installed, you need to follow Nginx's instructions first Official installation documentation for installation. You can use the following command to check whether Nginx has been installed: 
nginx -v
  1. Generate an SSL certificate: You can use a self-signed certificate or apply for an SSL certificate from the CA agency, and then copy the key and crt files to the corresponding Table of contents. For example: 
cp /path/to/your/cert.pem /usr/local/nginx/conf/
cp /path/to/your/key.pem /usr/local/nginx/conf/
  1. Modify Nginx configuration: Open the Nginx configuration file, usually /etc/nginx/nginx.conf, and add the following content: 
server {
    listen       443 ssl;
    server_name  example.com;

    ssl_certificate      /usr/local/nginx/conf/cert.pem;
    ssl_certificate_key  /usr/local/nginx/conf/key.pem;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
        proxy_pass  http://backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
  1. Restart Nginx: Restart Nginx to apply the new configuration. 
nginx -s reload

Now your web server has been configured and can be accessed securely under the HTTPS protocol.

Conclusion

The SSL protocol is one of the best ways to protect data transmission between the web server and the client. In order to use the SSL protocol, a certificate must be installed and then added to the Nginx configuration file. Configuring Nginx to support the SSL protocol is an easy task. Just follow the steps described in this article one by one to protect your web server and user data under the HTTPS protocol.

The above is the detailed content of Nginx with SSL: Configure HTTPS to protect your web server. For more information, please follow other related articles on the PHP Chinese website!

nginx https ssl 负载均衡
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:Security plugin in Nginx reverse proxyNext article:Security plugin in Nginx reverse proxy

Related articles

See more