Premise: purchase cloud server, create instance, purchase domain name, ICP record >> Aliyun official website
HTTPS was not configured at first, because there were no obstacles to the initial learning practice, and nginx + vue + pM2 can also play happily.
Later, in the process of continuous practice, I came across many places that need HTTPS:
- Webpage hijacked
- Some of the
APIIt can only be invoked in a security context, such as callgetUserMedia ()Method, otherwise undefined error - Micro channel small program configuration server legitimate domain name requirements
https
Get down to business and start configuring the free HTTPS service (enough for personal study)
Buy a Free Certificate
- Log in ali Cloud management background – enter SSL Certificate Overview – click
Certificate of purchase
- Select a free certificate – click Buy Now
- Purchase success page available
Go to certificate Console
The certificate application
- Certificate Console – Click
The certificate application
The newly purchased certificate is pending application
- Enter information such as the domain name bound to the certificate
Enter the certificate binding domain name, contact, and other default values. After the application is successful, the application will enter the status of application review
- The certificate is issued after the application is approved
The certificate application review process is very fast, almost in seconds
Certificate of configuration
- Download the certificate
Choose the appropriate download according to your server type, I choose nginx, there are two files: xxx.pem and xxx.key, as shown below:
nginx httpsconfiguration
- Log in to your cloud server remotely and place the downloaded certificate file
/usr/local/nginx/cert/Under the path
- Modify the
nginxConfiguration file:/etc/nginx/nginx.conf
# Settings for a TLS enabled server.
#
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name _;
root /usr/share/nginx/html;
ssl_certificate "/usr/local/nginx/cert/xxx.pem";
ssl_certificate_key "/usr/local/nginx/cert/xxx.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers PROFILE=SYSTEM;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
Copy the codeThe nginx.conf file has the above configuration part by default, just comment it out, let go of the comment, and change XXX. Pen and XXX
- Check whether your cloud server is authorized
443Port access
Click The configuration rule to view. If port 443 is not authorized, add it yourself
- Check whether your security group is associated with related instances
If the related instance is 0, add the related instance as shown below
- Test your
httpsIs it properly configured?
Open your browser and type: https:// your domain name to see if the nginx test page appears
Make sure to check whether port 443 is granted access and whether the security group is associated with related instances. I did not pay attention to these two points during the configuration, and lost most of the time.