Shulou(Shulou.com)06/01 Report--

How to purchase https certificate and how to configure https for nginx, this article introduces the corresponding analysis and answer in detail, hoping to help more partners who want to solve this problem to find a more simple and easy way.

Purchase https certificate and nginx configuration https

1. The function of https

The full name of https is secure Hypertext transfer Protocol, which adds ssl encryption protocol to http. In the process of information transmission, the information may be hijacked, resulting in the loss of data, and if https is used, even if the information is hijacked, because in the process of transmission, the information is encrypted, so the security of the data can be guaranteed.

2. Apply for a certificate

At present, certificates can be purchased on either Aliyun or Tencent Cloud. Now take Aliyun as an example to purchase certificates.

Find SSL certificates on Aliyun's products and services

Click to buy a certificate and you can see a free SSL certificate. If it is for personal use, you can use this. If it is an enterprise, you need to buy a certificate according to your specific needs.

Free type can only correspond to a fixed second-level domain name.

Select the certificate application, then according to the prompt, write your own domain name clearly, the information will be the next step, and then verify it.

When the status changes to be signed, you can download the certificate and upload it to the server.

3. Check whether nginx has-- with-http_ssl_module module

Using https requires the use of the ssl module. If there is no need to install.

4. Configure https

Here is the configuration of the local machine

Ssl on

Ssl_certificate ssl/2943505_www.yunweigonghui.com.pem;# had better write absolute path

Ssl_certificate_key ssl/2943505_www.yunweigonghui.com.key; # it is best to write an absolute path

Ssl_session_cache shared:SSL:1m

Ssl_session_timeout 5m

Ssl_ciphers HIGH:!aNULL:!MD5

Ssl_prefer_server_ciphers on

As for the rest of the configuration in server, as long as it is consistent with the configuration of http. That is, how to configure port 80, and how to configure port 443.

5. Detailed explanation of parameters

Personally, I think that in addition to ssl_certificate and ssl_certificate_key need to be configured according to the actual situation, the other default is OK.

Parameter interpretation

Ssl on; opens the ssl module

The location where the public key is stored in ssl_certificate ssl/ssl.pem; (usually using public key certificate in crt format or pem format)

The location where ssl_certificate_key ssl/ssl.key; stores the key

Ssl_session_cache shared:SSL:1m; stores the type and size of the cache for session parameters

Ssl_session_timeout 5m; wait timeout

The algorithm of ssl_ciphers key is just a few to write.

Ssl_prefer_server_ciphers on; gives priority to the server's algorithm, which takes effect when using SSLv3 and TLS protocols

If the firewall is turned on, don't forget to open port 443.

6. Add http jump

Inevitably, the client still uses http to access the page. At this time, you can jump from http to https as long as you add the following configuration.

Server {

Listen 80

Server_name www.yunweigonghui.com

Rewrite ^ (. *) $https://$host$1 permanent

Location / {

Index index.html index.htm

}

This is the answer to the question about how to purchase a https certificate and how to configure https for nginx. I hope the above content can be of some help to you. If you still have a lot of doubts to be solved, you can follow the industry information channel to learn more about it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.