
Upgrade your website to HTTPS for free

We know that HTTPS has many benefits: for example, communication is encrypted and secure. Visit the website of any large tech company and you will find that they all use HTTPS, Juejin included. So how do we turn our own websites into HTTPS sites?

We know that HTTPS differs from HTTP in that it runs HTTP over the SSL/TLS protocol. So here we go, guys.

1. Apply for a free SSL certificate

Many providers let you apply for certificates, such as the familiar Aliyun (Alibaba Cloud) and UCloud. Let's take Aliyun as an example, because UCloud requires company information and we are applying as individuals.

First, open the Aliyun link above and select the free DV single-domain certificate, as shown below:

The drawback of a free SSL certificate is that it is single-domain: one certificate can be bound to only one secondary domain name, and you have to apply for a new certificate every year. But for individual developers, it's more than enough.

2. Log in to your Aliyun account

You must log in; you can't buy anything without logging in. No further explanation needed.

3. Create a certificate

In the SSL Certificate console, choose Free Certificates -> Create Certificate. The counter reads 20/20; I had already used one, so mine shows 19.

Once creation completes, a certificate instance appears. Click Certificate Request on it.

4. Certificate application

After you click it, a popover opens on the right.

  • Enter your secondary domain name.
  • If you have access to your domain management console, choose manual DNS verification: the next step generates verification information that you need to configure in the DNS resolution settings of your domain console. As an individual developer you should be able to log in; if you really can't, use file verification instead.
  • Enter your personal information.
  • Enter your location.
  • Note the hint about how the CSR is generated. If you have no special requirements, let the system generate it; if you really need your own, fill it in manually.

Click Next.

The next screen shows a DNS resolution configuration. As I said in the previous step, if you have access to the domain management console, use manual DNS verification. The next step is to configure the DNS resolution record.

5. Configure DNS resolution records

I bought my domain from UCloud, so I’ll use UCloud as an example.

Click Parse, then click Add Record in the upper-right corner of the new page.

Fill in the information generated by Aliyun here. In the mapping below, the left side is the Aliyun field and the right side is the UCloud field:

  • Domain name authentication type = Record type
  • Host record = Host record (note: this is not the secondary domain name you are binding, but a value generated by Aliyun; it is the verification channel)
  • Record value = Record value

This information can be removed after the SSL certificate is issued.

6. Verify DNS

Back in Aliyun, the third step checks whether the DNS record is correct: click Verify. If the DNS resolution record you configured in UCloud is correct, you will see a message that verification succeeded, and you can click Submit for review.

7. Waiting for review

Review is quick, taking only a few minutes. Wait patiently for a while!

8. Download the certificate

If your server is on Aliyun, you can click Deploy to deploy automatically. Mine is not on Aliyun, so I can only click Download.

Because my web service is served through nginx, I download the nginx version of the certificate.

After downloading and decompressing, there will be two files: a PEM file and a key file.

9. Upload the certificate

Upload the two files to any folder on your server, preferably under your nginx folder, so you know where the two files are and what they are used for. If you drop them somewhere random, you'll probably forget about them over time.

I uploaded them to /etc/nginx/cert.
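
After uploading, it is worth confirming that the key file really belongs to the PEM certificate, that the key is not readable by other users, and that the certificate is not close to expiry (free certificates must be re-applied for every year). The script below is an added example, not part of the original article; it assumes the openssl command-line tool is installed, and the function names and the 30-day default are illustrative.

```sh
#!/bin/sh
# Added example (not from the original article): checks for an uploaded
# nginx certificate pair. Paths and function names are assumptions.

# Succeeds only if the certificate and the private key share a public key.
cert_matches_key() {   # cert_matches_key CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if group and other have no permission bits on the key file.
key_is_private() {     # key_is_private KEY
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeeds if the certificate is still valid DAYS days from now.
cert_valid_for_days() {   # cert_valid_for_days CERT DAYS
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Runs all three checks; returns 0 only if every one passes.
check_pair() {   # check_pair CERT KEY [MIN_DAYS, default 30]
    fail=0
    cert_matches_key "$1" "$2" ||
        { echo "FAIL: $2 is not the private key for $1"; fail=1; }
    key_is_private "$2" ||
        { echo "FAIL: $2 is accessible to group/other; chmod 600 it"; fail=1; }
    cert_valid_for_days "$1" "${3:-30}" ||
        { echo "FAIL: $1 expires within ${3:-30} days; renew it"; fail=1; }
    return "$fail"
}

# Example: sh check_cert.sh /etc/nginx/cert/xxx.com.pem /etc/nginx/cert/xxx.com.key
if [ "$#" -ge 2 ]; then
    check_pair "$@"
fi
```

Run it again whenever you replace the certificate, before restarting nginx.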

10. Configure nginx

① Add port 443

Port 443 is primarily used for HTTPS services. The nginx configuration is as follows:

server {
        # "listen ... ssl" replaces the deprecated "ssl on;" directive
        listen       443 ssl;
        server_name  www.xxx.com;
        ssl_certificate      /etc/nginx/cert/xxx.com.pem;
        ssl_certificate_key  /etc/nginx/cert/xxx.com.key;
        ssl_session_timeout  5m;
        ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        # TLSv1 and TLSv1.1 are deprecated; enable only TLSv1.2 and newer
        ssl_protocols  TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers  on;
}

  • Change server_name to your own secondary domain name.
  • Point ssl_certificate at your own PEM file downloaded from Aliyun.
  • Point ssl_certificate_key at your own key file downloaded from Aliyun.

② Redirect HTTP requests to HTTPS

If your site listens on port 80, just add rewrite ^(.*)$ https://$host$1; to its server block:

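server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  www.xxx.com;
        gzip on;
        # Redirect every HTTP request to the same host and path over HTTPS.
        # Without a flag this is a 302; append "permanent" for a 301.
        rewrite ^(.*)$ https://$host$1;
}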

③ Restart nginx

11. Open port 443

If you are on a cloud server, there is an external network firewall configuration to change. If it is a physical server, you can allow the port directly. This is a basic operation that you can look up online, so I won't go into more detail.

12. Test

Open our website: it has successfully become HTTPS. Ha ha, done! If you want to build a blog like mine, you can refer to my article that teaches you how to build your own blog.