Shulou(Shulou.com)06/01 Report--

Today, I will talk to you about how to configure ssl certificates to achieve https access in nginx. Many people may not know much about it. In order to make you understand better, the editor has summarized the following for you. I hope you can get something according to this article.

First, environmental description

Server system: ubuntu16.04LTS

Server IP address: 47.89.12.99

Domain name: bjubi.com

Second, domain name resolution to the server

Find the "resolution" of the domain name that needs to be resolved in the Aliyun console-products and Services-Cloud Resolution DNS-. After entering the resolution page, select "add Resolution" button to pop up the following page:

The host record is selected here, and the record value is the server ip address. Confirm.

Third, apply for ca certificate

On the Aliyun console-products and Services-Security (Cloud Shield)-CA Certificate Services (data Security), click Buy Certificate

Select "Free version of DV SSL" and click Buy now:

Then click to pay:

Final confirmation of payment:

You will go back to the management interface:

Click "complete", enter the domain name to be resolved, and click next:

Note: because we are applying for a development version of a free certificate, a certificate only supports one domain name authentication and does not support wildcards.

After waiting for a few minutes and the certificate status changes to issued, the certificate application is successful.

Fourth, download the certificate

Find the issued certificate in the list and download:

Go to the download page, find the nginx configuration information in the ngin tab, and "download the certificate for Nginx":

Record the following to configure nginx for later:

There are two files downloaded:

1,214292799730473.pem

2,214292799730473.key

Fifth, server installation, configuration nginx

Log in to the server:

$apt-get update / / update software $apt-get install nginx / / install nginx

1the installation directory of 1 etc/nginx/ nginx is: / ginx. Go to the directory, add the cert/ folder, and upload the two files you just downloaded to the cert/ folder.

2. Under / etc/nginx/sites-enabled/, add the bjubi.com file. The contents are as follows:

Note: the following configuration is to listen on port 443 and port 80, and port 443 should be enabled for ssl. The server configuration for listening on port 443 can be configured by imitating the nginx configuration example on the ca authentication page above.

The root node the author has created a bjubi.com/ folder dedicated to storing requests from this domain name to show distinction.

Add an index.html file under the bjubi.com/ folder with only one line of welcome written in it.

Server {listen 443; server_name bjubi.com; / your domain name ssl on; root / var/www/bjubi.com; / / foreground file storage folder, you can change the index.html ssl_certificate cert/214292799730473.pem;// in the folder configured above other index index.html index.htm;// to the name of your certificate ssl_certificate_key cert/214292799730473.key / / the name of your certificate ssl_session_timeout 5m; ssl_ciphers ECDHEMurRSAmuri AES128Mugashi SHA256 ssl_ciphers ECDHEV ECDHEV AESH HIGH Vista null LLR4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / {index index.html index.htm;}} server {listen 80; server_name bjubi.com;// your domain name rewrite ^ (. *) $ADH permanent. / / convert the domain name request of http to https}

After the configuration is complete, check to see if the nginx configuration file is available, and a successful indicates that it is available.

$nginx-t / / check nginx configuration file

When the configuration is correct, reload the configuration file to make the configuration effective:

$nginx-s reload / / make the configuration effective

At this point, the https access of nginx is completed, and all http requests are converted into https requests through rewrite, which is more secure.

To restart nginx, use the following command:

$service nginx stop / / stop $service nginx start / / start $service nginx restart / / restart

Seventh, access effect

Typing http:bjubi.com will also automatically jump to the https page.

Note: if it is a CVM such as Aliyun ECS, you need to go to the security group at the management backend of Aliyun ECS, and modify the port filtering rules to open ports 80 and 443 to access it.

After reading the above, do you have any further understanding of how to configure ssl certificates to achieve https access in nginx? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.