Website deployment https certificate

Keywords: Nginx SSL GitLab Vue

1. HTTPS certificate:

htttps is different from http because it has more encryption, authentication, authentication and security from asymmetric encryption and third-party CA certificate;

The working principle is as follows:

First, the client generates a random number and sends it to the server;

The server generates a random number and sends it to the client together with the public key;

The client sends the data to the server with public key encryption, and the server uses the private key to decrypt and view the data and establish a connection after receiving it.

For nginx to use SSL authentication, first of all, you need to obtain an SSL certificate. There are many paid ones. For free, there are both Alibaba cloud and Tencent cloud. Take Alibaba cloud as an example. Of course, there are paid ones in Alibaba;

The company provides its own certificate, I just need to add;

Then download the certificate to the local and upload it to the server, and put it in the same directory of the configuration file of ningx:

[root@web_01 conf.d]# mkdir /etc/nginx/conf.d/cert/
[root@web_01 conf.d]# ls /etc/nginx/conf.d/cert/

Then create the configuration file in the current directory as follows:

upstream {
    #   server;

server {
    listen       443 ssl ;
    listen       [::]:443 ssl ;
    ssl_certificate /etc/nginx/conf.d/cert/;
    ssl_certificate_key /etc/nginx/conf.d/cert/;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    root   /home/gitlab-runner/vue-static;
    index  index.html index.htm;
    location /api {
      add_header 'Access-Control-Allow-Origin' '*';
location / {
            try_files $uri $uri/ @router;
            index  index.html index.htm;
        location @router {
            rewrite ^.*$ /index.html last;
server {
    listen 80;
    rewrite ^(.*)$ https://$host$1 permanent;

As configured above, reverse proxy upstream is used to proxy users to port 7090 of the machine, which is a program deployed in docker

Then reload the configuration file of nginx: & & & nginx -s reload

Then can be found on the website.

[root@web_01 conf.d]# curl  -I
HTTP/1.1 200 OK
Server: nginx/1.16.0
Date: Fri, 17 May 2019 03:53:15 GMT
Content-Type: text/html
Content-Length: 5509
Last-Modified: Wed, 15 May 2019 09:41:05 GMT
Connection: keep-alive
ETag: "5cdbdeb1-1585"
Accept-Ranges: bytes

Posted by ajpasetti on Sat, 09 Nov 2019 06:45:40 -0800