Serving our site over HTTPS not only increases its security, it also raises the site's standing. I have some experience setting up SSL and a CDN for websites, and I am sharing it here in the hope that it helps anyone who needs it.

Step 1 Purchase an SSL certificate

Open Ali Cloud > Products and Services > SSL certificate

Step 2 Verify the domain name

After the purchase succeeds, we need to verify that we own the domain name, which means adding a DNS record for it:

  • Record type: TXT
  • Host record: hub.fengwenyi.com
  • Record value: fill in the record value from the table here

Click Save. Then click Verify under Verify domain.

Step 3 Download the certificate

Although the domain name has been verified, the certificate we applied for still needs a period of review.

At this point, we download the certificate.

Step 4 Configuration

Note that we are using Nginx.

So we upload the downloaded certificate to the …/nginx/config/cert directory on the server.

Then let’s configure Nginx.

  • listen 443 ssl; # The SSL access port is 443. If ssl is not added, Nginx may fail to start.
  • server_name hub.fengwenyi.com; # Domain name bound to your certificate.
  • ssl_certificate cert/hub.fengwenyi.com.pem; # Replace "domain name.pem" with the file name of your certificate.
  • ssl_certificate_key cert/hub.fengwenyi.com.key; # Replace "domain name.key" with the key file name of your certificate.
  • ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; # Use this cipher suite list.
  • ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Use these protocol versions.

Then we also redirect requests that arrive on port 80 to HTTPS:

  • rewrite ^(.*)$ https://$host$1 permanent; # Redirect all HTTP requests to HTTPS via rewrite.

Nginx is configured as follows:

    #user nobody;
    worker_processes 1;

    #error_log logs/error.log;
    #error_log logs/error.log notice;
    #error_log logs/error.log info;

    #pid logs/nginx.pid;

    events {
        worker_connections 1024;
    }

    http {
        include mime.types;
        default_type application/octet-stream;

        #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
        #                '$status $body_bytes_sent "$http_referer" '
        #                '"$http_user_agent" "$http_x_forwarded_for"';

        #access_log logs/access.log main;

        sendfile on;
        #tcp_nopush on;

        #keepalive_timeout 0;
        keepalive_timeout 65;

        #gzip on;

        server {
            listen 80;
            server_name hub.fengwenyi.com; # Change localhost to the domain name bound to your certificate, for example, www.example.com.
            rewrite ^(.*)$ https://$host$1 permanent; # Redirect all HTTP requests to HTTPS via rewrite.
            location / {
                proxy_pass http://localhost:5000/;
            }
        }

        server {
            listen 443 ssl; # The SSL access port is 443. If ssl is not added, Nginx may fail to start.
            server_name hub.fengwenyi.com; # Domain name bound to your certificate.
            ssl_certificate cert/hub.fengwenyi.com.pem; # Replace "domain name.pem" with the file name of your certificate.
            ssl_certificate_key cert/hub.fengwenyi.com.key; # Replace "domain name.key" with the key file name of your certificate.
            ssl_session_timeout 5m;
            ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; # Use this cipher suite list.
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Use these protocol versions.
            ssl_prefer_server_ciphers on;
            location / {
                proxy_pass http://localhost:5000/;
            }
        }
    }
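
An added check, not part of the original post: a small Python script that parses the server blocks of a configuration like the one above and reports the TLS settings a reviewer would question before reloading, namely the TLSv1 and TLSv1.1 entries in ssl_protocols (deprecated by RFC 8996) and the broad OpenSSL keywords in ssl_ciphers, which expand to many more suites than the one named explicitly. The function names, finding labels and trimmed sample are assumptions made for this example.

```python
import re

# TLS 1.0/1.1 were deprecated by RFC 8996; SSLv2 and SSLv3 earlier still.
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Constructed sample: the two server blocks from this page, comments trimmed.
SAMPLE = r"""
server { listen 80; server_name hub.fengwenyi.com; rewrite ^(.*)$ https://$host$1 permanent; }
server {
    listen 443 ssl;
    server_name hub.fengwenyi.com;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
"""

def server_blocks(conf):
    """Return one {directive: [args]} dict per server block (nested blocks folded in)."""
    tokens = re.findall(r"[{};]|[^\s{};]+", re.sub(r"#.*", "", conf))
    blocks, stack, stmt = [], [], []
    for tok in tokens:
        if tok == "{":
            stack.append(stmt[0] if stmt else "")
            if stmt == ["server"]:
                blocks.append({})
            stmt = []
        elif tok == "}":
            stack = stack[:-1]
        elif tok == ";":
            if "server" in stack and stmt:
                blocks[-1].setdefault(stmt[0], []).extend(stmt[1:])
            stmt = []
        else:
            stmt.append(tok)
    return blocks

def audit(conf):
    """Flag legacy protocol versions and broad cipher keywords in TLS server blocks."""
    findings = []
    for blk in server_blocks(conf):
        if "ssl" not in blk.get("listen", []):
            continue  # plain-HTTP block: no TLS settings to check
        name = " ".join(blk.get("server_name", ["(unnamed)"]))
        legacy = [p for p in blk.get("ssl_protocols", []) if p in LEGACY]
        # Heuristic: no '-' and no leading '!' means an OpenSSL group keyword, not one suite.
        broad = [c for c in ":".join(blk.get("ssl_ciphers", [])).split(":")
                 if c and "-" not in c and not c.startswith("!")]
        findings += [(name, kind, vals) for kind, vals in
                     (("legacy-protocol", legacy), ("broad-cipher-keyword", broad)) if vals]
    return findings
```

Calling audit(SAMPLE) returns one finding for the legacy protocol versions and one for the cipher keywords; a block limited to TLSv1.2 and TLSv1.3 with explicitly named suites returns an empty list.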

Restart Nginx

./nginx -s reload

Preview

By the time these steps are done, the SSL certificate review is almost complete.

Without further ado, let’s go straight to visiting the site!

hub.fengwenyi.com

Personal website

www.fengwenyi.com