Shulou(Shulou.com)05/31 Report--

This article introduces the relevant knowledge of "the method of configuring HTTPS on LINUX server". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Background description

The server is Aliyun ecs and the operating system is centos 6.5.

Deployment configuration description

Step 1: install nginx

The reason for installing nginx first is that when you configure domain name resolution below, you can see the effect directly in the browser. Of course, it is possible to configure the domain name first, and then ping it.

Download the nginx source code package, extract the source code package, enter the decompressed directory, and compile the configuration. The command is as follows:

. / configure-prefix=/usr/local/nginx-with-http_ssl_module

The above command installs nginx into the usr/local/nginx directory and starts the ssl function. Make sure that the open-ssl package is installed on the server in advance. If not, you can install it online with the following command:

Yum-y install openssl openssl-devel, in addition to pcre, zlib.

Then execute the make & & make install command to start the compilation installation until you are prompted that the installation is successful. You can enter the. / nginx command in the / usr/local/nginx/sbin directory to start the default configuration file. If you need to specify a configuration file, use the following command:

. / nginx-t-c / usr/local/data/my-nginx.conf, check the configuration file and specify a configuration file.

During installation, you may be prompted for the lack of other dependent packages, so follow the prompts to install.

If unfortunately you have previously installed nginx but did not compile the ssl module, you can recompile the ssl module according to this article.

After startup, if nothing happens, you can access the server and see the nginx default page.

The second step is to apply for and resolve domain names

Why to apply for a domain name, this does not say much, the website wants external access, there must be a domain name, is it difficult to directly use ip access? Even if you have to use ip to access, I'm sorry, but you need to fill in the domain name when configuring the https certificate below.

Log in to Aliyun-Wanwang to query the domain name you want to register. if it has not been registered, you can buy it directly. A good domain name has long been sold or preempted by the registrant. General domain names, such as company names, product names, full spelling and abbreviations, are generally not registered, and such domain names are also relatively cheap and will not exceed 100 in a year.

After purchasing the domain name, you need to fill in a series of related information, which can be completed as prompted. Then the domain name is resolved.

When you enter the cloud resolution, you will see the Wanwang domain name you have. Select a domain name and click the "add Resolution" button below.

Jump to the parsing settings page, where the record type defaults to a

If the host record is a second-level domain name, such as fengzheng.pub, enter www here. If it is a third-level domain name, such as api.fengzheng.pub, enter api here.

The record value is the corresponding server ip, and click add. It usually takes effect within a minute.

The server that the domain name points to can be accessed through the resolution that has just been configured, such as www.fengzheng.pub. The first step is to install nginx, so if you visit the domain name now, the nginx default page should appear. If you are prompted that there is a problem with dns parsing, it may be that the local or dns service provider has a cache, clear the cache or try again after a while.

The third step is to apply for ssl certificate

Enter the Aliyun console, click "Certificate Service" under "Security (Cloud Shield)", click to buy a certificate, select a free dv ssl, and follow the prompts, anyway, you don't have to spend money.

Next, come to my order page, see that the certificate status is "to be completed", click the "complete" link.

Next, you are required to enter a domain name, because only one domain name is supported by the free certificate, and you can write the domain name or subdomain name you apply for, such as a.com or api.a.com.

After entering the personal information, there is a domain name verification type, which is divided into dns verification and file verification. For more information, please see the Aliyun help manual.

Finally, when it comes to uploading information, you generally choose the system to generate csr.

The dns verification method is selected here. Clicking the progress button will bring up a prompt box and add a dns record according to the action in the prompt box. (file verification requires a html file to be placed in a directory specified by the server and then accessed through url to verify success.)

Until my order page shows that the certificate status is issued, the certificate application is successful.

After that, I will see the download button in the operation bar in my order list. Click the button to jump to the certificate download page, where nginx, apache, tomcat and other certificates are downloaded.

Select the nginx certificate here.

Step 4 configure https in nginx

Extract the downloaded certificate with two files, one is .key and the other is .pem, and transfer these two files to a directory on the server.

Locate the nginx configuration file, open it for editing, and add the following code:

Server {listen 443 ssl; server_name localhost; ssl on; ssl_certificate / root/data/cert/test.pem; ssl_certificate_key / root/data/test.key; ssl_session_timeout 5m; ssl_ciphers ECDHEL RSAUSAL Aes128Mui GMMMMMMMMMMMMMMMMMMMMMMMMMMMMMUTHACEH, ECDH, ACEH, ANLLER, MOD5, MD5, ADH, Rc4 Location ^ ~ / test {proxy_redirect off; proxy_set_header host $host; proxy_set_header x-real-ip $remote_addr; proxy_set_header x-forwarded-proto https; proxy_pass http://127.0.0.1:8080/test;}}

Finally, restart nginx.

This is the end of the content of "how to configure HTTPS on LINUX server". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.