This is the first day of my participation in Gwen Challenge

How do I obtain an SSL certificate

I bought the domain name from Ali Cloud, so I can apply for a free SSL certificate from Ali Cloud. Log in to Ali Cloud, search for SSL, then go to the purchase page and choose the following options to get a free SSL certificate.

How to apply and download

Ali Cloud is very considerate now: following on from the purchase in the first step, go to the SSL certificate console and fill in the information required for the certificate application.

After filling it in comes verification. According to the information Ali Cloud gives you, a TXT record has to be added to the DNS resolution of the domain name you are applying for. I have to say, Ali Cloud is really thoughtful now: after you fill out the information and click verify, it adds the TXT record to the domain's DNS resolution for you. The next step is to wait for the certificate to be issued. The tutorials I saw on the Internet basically say that issuance takes about half a day, but mine was verified as soon as I did it. Then click Download Certificate and select the certificate for Nginx: xxx.pem (this is the certificate signed by the CA) and xxx.key (the certificate public key).

How to upload the downloaded certificate to the Ali Cloud ECS server

I use macOS, so I upload with the SFTP function of the shell in the command-line terminal. You can connect as shown in the following figure.

You can also run sftp [email protected] (public IP address of the server) on the CLI and enter the login password of the server. After entering the password, you can upload files to the server with the put command of SFTP. Before uploading, create a cert folder in /etc/nginx on the server.

// put <path of the certificate file to upload> <path of the destination folder on the server>
put  /Usr/Desktop/4465440_www.xinxinsteel.cn.pem   /etc/nginx/cert

How to install SSL certificate in nginx on cloud server:

  • Listening on port 443
server {
    listen 443 ssl;    # listening mode recommended for newer Nginx (1.16.x)

    # the way used before 1.16.x
    # ssl on;

    # the name of the server (domain) that uses the HTTPS certificate
    server_name www.xinxinsteel.cn;

    # certificate file paths
    ssl_certificate /etc/nginx/cert/4465440_www.xinxinsteel.cn.pem;
    ssl_certificate_key /etc/nginx/cert/4465440_www.xinxinsteel.cn.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    location / {
        add_header 'Access-Control-Allow-Origin' '*';
        proxy_pass https://sincerestainless.gitee.io/index/;
    }
}
  • Listening on Port 80
server {
    listen 80;
    server_name www.xinxinsteel.cn;

    # HTTP requests are converted to HTTPS
    rewrite ^(.*) https://$server_name$1 permanent;

    location / {
        #root /usr/share/nginx/html/xinxinweb/xinxin;
        #index welcome.html welcome.htm;
        #add_header 'Access-Control-Allow-Origin' '*';
    }
}

Note: since nginx now listens on ports 80 and 443, you must go to the cloud server's security group and set a whitelist, which is equivalent to opening ports 80 and 443 on the public IP; otherwise the website page cannot be accessed.

Finally, we need to test the nginx configuration

  1. nginx -t
  2. If the test is OK, you can restart the nginx server with nginx -s reload
  3. Go to your browser and you'll see that the web address automatically uses the HTTPS protocol
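
nginx -t checks the syntax and that the referenced files can be opened, not how strong the TLS settings are. The script below is an added example, not part of the original post: it audits the TLS directives of the port-443 block above, and the names PAGE_CONF, directives and audit are made up for illustration, with the input being a constructed copy of the page's config.

```python
import re

# Constructed input: the HTTPS server block from this page, one directive per line.
PAGE_CONF = """
server {
    listen 443 ssl;
    # ssl on;
    server_name www.xinxinsteel.cn;
    ssl_certificate /etc/nginx/cert/4465440_www.xinxinsteel.cn.pem;
    ssl_certificate_key /etc/nginx/cert/4465440_www.xinxinsteel.cn.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
}
"""

OLD_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996
WEAK_CIPHER_WORDS = ("NULL", "MD5", "RC4", "DES", "EXP")


def directives(conf):
    """Yield (name, args) per directive; '#' comments are dropped first."""
    # Simplification: a '#' inside a quoted value is not handled.
    for stmt in re.split(r"[;{}]", re.sub(r"#[^\n]*", "", conf)):
        parts = stmt.split()
        if parts:
            yield parts[0], parts[1:]


def audit(conf):
    """Return a list of findings for the TLS directives in an nginx config."""
    found, seen = [], {}
    for name, args in directives(conf):
        seen.setdefault(name, []).append(args)
    if ["on"] in seen.get("ssl", []):
        found.append("'ssl on;' is obsolete; use 'listen 443 ssl;'")
    for args in seen.get("ssl_protocols", []):
        old = sorted(OLD_PROTOCOLS.intersection(args))
        if old:
            found.append("ssl_protocols enables " + ", ".join(old)
                         + "; prefer 'ssl_protocols TLSv1.2 TLSv1.3;'")
    for args in seen.get("ssl_ciphers", []):
        # Join first so a list broken by stray spaces ("! aNULL") still parses.
        for item in "".join(args).split(":"):
            weak = any(w in item.upper() for w in WEAK_CIPHER_WORDS)
            if weak and not item.startswith(("!", "-")):
                found.append("ssl_ciphers allows weak entry " + item)
    return found


if __name__ == "__main__":
    print("\n".join(audit(PAGE_CONF)))
```

Run against the page's block, it reports only the ssl_protocols line; with TLSv1 and TLSv1.1 removed the audit comes back empty.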