This article does not cover HTTPS background knowledge; instead, I share the process of setting up an HTTPS service for your reference. It assumes that you have already purchased a server and a domain name.
Purchase the certificate
- From the console, open CA Certificate Service, click Purchase Certificate in the upper right corner to enter the interface shown below, and select the free Symantec DV SSL certificate.
- Click through the remaining steps, then go back to the certificate service home page. An order entry will appear; click Complete, as shown in the picture below.
- Then, as required, first fill in the full domain name the certificate is for (for example, www.test.com; because this is a single-domain certificate, you cannot use wildcards), then fill in your personal information. Note that you need to check the options circled in red in the figure below so that verification is automated and needs no manual operation. Finish filling in the information, wait a few minutes, and the verification will pass.
Add a security group rule for port 443
- While you're waiting, check your server's security group configuration to see whether port 443 is open. The newly created rule is shown below.
Download the certificate
- After a few minutes, you can see the state shown below.
- Then click Download to enter the interface shown below and click Download the certificate for Nginx.
Configure the Nginx server
- ***.pem and ***.key (you can rename them to whatever you want). Copy these two files to the cert folder in your Nginx root directory (create the folder yourself if it does not exist; it can also have a different name).
- The next step is to configure the Nginx server.
If you have configured a reverse proxy, go to the conf.d directory and edit the conf file of the site you want to serve over HTTPS. A sample configuration is posted below. The port 80 server handles HTTP and redirects to HTTPS; the port 443 server handles HTTPS.

    upstream blog {
        server 127.0.0.1:8080;
    }

    # Port 80: plain HTTP, redirected to HTTPS
    server {
        listen 80;
        server_name www.test.com;
        return 301 https://$host$request_uri;
    }

    # Port 443: HTTPS
    server {
        # "listen 443 ssl;" replaces "listen 443;" plus the obsolete "ssl on;" directive
        listen 443 ssl;
        server_name www.test.com;
        index index.html;
        ssl_certificate /etc/nginx/cert/***.pem;
        ssl_certificate_key /etc/nginx/cert/***.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients need them
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        location / {
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_redirect off;
            expires off;
            sendfile off;
            # the name here must match the upstream block defined above
            proxy_pass http://blog;
        }
    }
- After the configuration is complete, run

    nginx -s reload

  to reload the configuration, then enter the link in the browser and you will land on the HTTPS link ✌️.
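
The following is an added example, not part of the original article: a small Python check that can be run over a conf.d file before reloading. It flags an obsolete `ssl on;`, deprecated protocol versions, a missing certificate or key, a port 80 server that does not redirect, and a `proxy_pass` name with no matching `upstream` block. The sample config, its file names and the finding labels are constructed for illustration.

```python
import re

# Constructed sample shaped like the article's config; file names are placeholders.
SAMPLE = """
upstream blog { server 127.0.0.1:8080; }
server { listen 80; server_name www.test.com; return 301 https://$host$request_uri; }
server {
    listen 443; ssl on; server_name www.test.com;
    ssl_certificate /etc/nginx/cert/example.pem; ssl_certificate_key /etc/nginx/cert/example.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / { proxy_pass http://test; }
}
"""

def blocks(text, keyword):
    """Yield (argument, body) for every `keyword arg { body }` block."""
    for m in re.finditer(r"\b%s\b([^{;]*)\{" % keyword, text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1).strip(), text[m.end():i - 1]

def directives(body, name):
    """Arguments of each `name args;` directive in body (nested blocks included)."""
    return [a.strip() for a in re.findall(r"(?<![\w$])%s\s+([^;{}]*);" % name, body)]

def audit(conf):
    """Return sorted findings about the redirect, TLS settings and proxy targets."""
    conf = re.sub(r"#.*", "", conf)                      # drop comments
    upstreams = {arg for arg, _ in blocks(conf, "upstream")}
    found = set()
    for _, body in blocks(conf, "server"):
        legacy = "on" in directives(body, "ssl")
        if legacy:                                       # `ssl on;` is obsolete: use `listen 443 ssl;`
            found.add("legacy-ssl-on")
        if legacy or any("ssl" in l.split() for l in directives(body, "listen")):
            for need in ("ssl_certificate", "ssl_certificate_key"):
                if not directives(body, need):
                    found.add("missing-" + need)
            for protos in directives(body, "ssl_protocols"):
                found.update("deprecated-" + p for p in protos.split()
                             if p in ("SSLv3", "TLSv1", "TLSv1.1"))
        elif not any(re.match(r"30[1278]\s+https://", r) for r in directives(body, "return")):
            found.add("http-without-redirect")
        for target in directives(body, "proxy_pass"):
            host = re.sub(r"^https?://", "", target).split("/")[0]
            if not re.search(r"[.:]", host) and host not in upstreams | {"localhost"}:
                found.add("undeclared-upstream:" + host)
    return sorted(found)
```

Calling `audit(SAMPLE)` returns the four findings present in the constructed sample; pass the text of a real conf.d file to check it the same way, and an empty list means none of these checks fired.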