Why use HTTPS

HTTPS is more secure, and it is a must for any website that wants to look professional and reliable. Firefox and Chrome both plan to mark sites that don't use SSL as unsafe (and it looks like Firefox 50 has already done so), and they are also working with other foundations and companies to push for HTTPS across the Internet. Many of the major websites you visit already use it: Google, for example, enabled HTTPS everywhere many years ago, and in China Taobao, Sogou, Zhihu, Baidu and others have also moved fully to HTTPS. Google's search results even give HTTPS sites higher rankings and preferential inclusion.

Prerequisite knowledge

HTTP and HTTPS

HTTP is a protocol for transmitting web content. For example, the address of the website www.163.com starts with http: the resources on the site are transmitted to our browser over the HTTP protocol, and that is how we see them.

HTTP is transmitted in plain text, so content sent over HTTP is easy to eavesdrop on and tamper with. For security (you don't want someone snooping on or tampering with your web traffic, such as your bank password), a layer of SSL/TLS is added to HTTP, and the result is HTTPS.

SSL/TLS

HTTPS is HTTP over SSL/TLS, that is, HTTP with a secure socket layer added. SSL stands for Secure Sockets Layer, and TLS stands for Transport Layer Security. SSL and TLS are two different stages of the same thing: both are security protocols.

CA

A Certificate Authority (CA) is an organization that issues and manages digital certificates. As a trusted third party in e-commerce transactions, it is responsible for verifying the validity of public keys in the public key system.

Obtaining an SSL Certificate

First we need to get an SSL certificate so that our website can be configured with HTTPS.

Since my server and domain name are both on Alibaba Cloud, for convenience I will demonstrate how to apply for a certificate there. To keep the cost of trying this out low, we will apply for a free certificate.

Go to Alibaba Cloud, search for the SSL certificate product, open the purchase page, and select the free certificate as shown in the following figure:

Click Buy now and proceed to the next step, which brings up the following interface:

Click Go to Certificate Console, then click Certificate Apply:

Fill in the corresponding information. Note that the free version does not support wildcard domain names, so you need to fill in the complete domain name. My domain name is on Alibaba Cloud, so it is verified automatically; with other providers you need to verify manually, which is not demonstrated here:

Click Next and verify. If the verification succeeds, you can submit it. Usually you can see the approval immediately:

After the certificate is approved, you can see the newly issued certificate. Next, you need to configure HTTPS on the server. First click Download to download the certificate to your local machine:

My server uses Nginx, so I choose Nginx here. Download the package for your own server type as needed:

After the download is complete, unzip it to get two files, xxx.key and xxx.pem, and upload them to your server:

Configure HTTPS using nginx

Then open the nginx configuration file (assuming you have nginx installed) and configure it as follows. The directives are explained in the comments:

# blog.conf
server {
  listen 80; # HTTP
  server_name blog.ywhoo.cn;
  # Redirect to HTTPS when the user accesses the site over HTTP, keeping the requested path
  return 301 https://blog.ywhoo.cn$request_uri;
}

server {
  # HTTPS uses port 443 by default; the server's security group must allow it for the site to be reachable
  listen 443 ssl;
  server_name blog.ywhoo.cn; # domain name
  # "ssl on;" is omitted: "listen 443 ssl" already enables SSL, and the old directive is obsolete in newer nginx
  ssl_certificate /www/ssl/4755935_blog.ywhoo.cn.pem; # path where the certificate file was uploaded
  ssl_certificate_key /www/ssl/4755935_blog.ywhoo.cn.key; # path to the certificate's private key
  ssl_session_timeout 5m;
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
  ssl_protocols TLSv1.2 TLSv1.3; # TLS 1.0 and 1.1 are deprecated (RFC 8996) and left out
  ssl_prefer_server_ciphers on;

  # the page displayed when visiting the root directory, I put my blog here
  location / {
    root /www/blog;
    index index.html;
  }
}

This is my blog address. You can see that the address is HTTP, but when you access it you are automatically redirected to HTTPS.
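
A quick audit for configurations like the one above, as an added example that is not part of the original post: it flags a redirect that drops the requested path, the old "ssl on;" switch, legacy protocol versions, and a TLS listener without a certificate or key. The sample config, the example.test name and the function names are constructed for illustration.

```python
import re

LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0 and 1.1 are deprecated by RFC 8996
# Constructed sample with the kinds of settings this audit should flag.
WEAK_CONF = """
server {
  listen 80;
  server_name example.test;
  return 301 https://example.test;  # every HTTP URL lands on the homepage
}
server {
  listen 443 ssl;
  server_name example.test;
  ssl on;
  ssl_certificate /etc/nginx/ssl/example.test.pem;
  ssl_certificate_key /etc/nginx/ssl/example.test.key;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
"""

def directives(conf):
    """Yield (name, args) per directive or block header; assumes no '#', ';' or braces in quoted values."""
    text = re.sub(r"#[^\n]*", "", conf)  # strip comments first
    for chunk in re.split(r"[;{}]", text):
        parts = chunk.split()
        if parts:
            yield parts[0], parts[1:]

def audit(conf):
    """Return human-readable findings for an nginx HTTPS configuration."""
    findings, seen, tls = [], set(), False
    for name, args in directives(conf):
        seen.add(name)
        if name == "listen" and "ssl" in args:
            tls = True
        elif name == "ssl" and args == ["on"]:
            findings.append("'ssl on;' is obsolete: 'listen ... ssl;' already enables TLS")
        elif name == "ssl_protocols" and LEGACY.intersection(args):
            findings.append("legacy protocols enabled: " + " ".join(sorted(LEGACY.intersection(args))))
        elif name == "return" and len(args) == 2 and args[1].startswith("https://"):
            if "$request_uri" not in args[1]:
                findings.append("redirect drops the requested path: " + args[1])
    for needed in ("ssl_certificate", "ssl_certificate_key"):
        if tls and needed not in seen:
            findings.append("TLS listener without " + needed)
    return findings

if __name__ == "__main__":
    print("\n".join(audit(WEAK_CONF)))
```

Run it against your own file with audit(open(path).read()); an empty list means none of these four issues were found, not that the configuration is otherwise sound.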

This is part of the improvements to my newly built blog. There may be problems as I continue building it, and I will keep sharing them with you. Goodbye ~