A record of how to upgrade your website to HTTPS using a certificate obtained for free.
Background
A site deployed directly on a server is usually served over plaintext HTTP by default. That means all your requests can easily be monitored, stolen and modified. It is basically equal to streaking: very insecure.
You can enable HTTPS to increase security and protect your website from privacy theft.
To enable HTTPS, you usually need a certificate, which you usually need to purchase. This article describes how to obtain a certificate for free.
Preparation
- A Linux server;
- nginx installed;
- An HTTPS certificate (this article explains how to get one for free);
Steps
1. Create an HTML file
Create a new index.html file in a directory on the server and use it as our website.
- Create a new index.html file
vim /data/sites/blog/index.html
- index.html file contents
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Https</title>
</head>
<body>
    <h1 style="text-align: center;">Hello Https!</h1>
</body>
</html>
2. Nginx proxy
- Nginx basic configuration
user www;
# Other configuration...
http {
    # nginx request log path
    access_log /usr/local/webserver/nginx/logs/access.log;
    server {
        listen 80; # listening port
        server_name your.server.name; # the domain name
        index index.html index.htm index.php;
        root /data/sites; # site directory
        location / {
            root html;
            index index.html index.htm;
        }
        location /blog {
            # nginx appends the request URI to root, so /blog is served from /data/sites/blog
            root /data/sites;
        }
    }
}
- Restart the nginx service
nginx -t
nginx -s reload
After this step, open http://your.server.name/blog and you will see the page.
The address bar shows that the protocol is HTTP, with an exclamation mark indicating that the connection is not secure.
3. Obtain the HTTPS certificate
- freessl.cn
- Download and install KeyManager, the free certificate-obtaining software: keymanager.org
- After downloading, register your account and log in.
- Click to open KeyManager
- As prompted by the software, open the domain name management console of Ali Cloud/Tencent Cloud or another cloud service and add the records
- If you select one-click application, the records are added and verified in Aliyun automatically to complete the certificate application
- DNS verification
- Download the certificate
- Copy files to a directory on the server
4. Modify the HTTPS configuration on nginx
- There are two main points: add SSL configuration and specify certificate location
user www;
# Other configuration...
http {
    # nginx request log path
    access_log /usr/local/webserver/nginx/logs/access.log;
    server {
        # listening port; the ssl parameter enables TLS and replaces the
        # deprecated "ssl on;" directive, which was removed in nginx 1.25.1
        listen 443 ssl;
        server_name your.server.name; # the domain name
        index index.html index.htm index.php;
        root /data/sites; # site directory
        access_log /usr/local/webserver/nginx/logs/blog.access.log; # nginx request log path
        # SSL certificate location
        # Path to the pem file
        ssl_certificate /usr/local/webserver/nginx/certificate/your.server.name_chain.crt;
        # Path to the key file
        ssl_certificate_key /usr/local/webserver/nginx/certificate/your.server.name_key.key;
        # SSL session and protocol settings
        ssl_session_timeout 5m; # session cache expiration time
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; # encryption algorithms
        ssl_protocols TLSv1.2 TLSv1.3; # allowed TLS versions; TLSv1 and TLSv1.1 are deprecated (RFC 8996)
        ssl_prefer_server_ciphers on; # prefer the server's cipher order
        location / {
            root html;
            index index.html index.htm;
        }
        location /blog {
            # nginx appends the request URI to root, so /blog is served from /data/sites/blog
            root /data/sites;
        }
    }
    # HTTP requests are redirected directly to HTTPS
    server {
        listen 80; # listening port
        location / {
            # keep the requested path so /blog redirects to https://your.server.name/blog
            return 301 https://your.server.name$request_uri;
        }
    }
}
- Restart the nginx service
nginx -t
nginx -s reload
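A small audit for server blocks like the ones in step 4, useful before reloading nginx: it flags TLS versions deprecated by RFC 8996, the `ssl on;` directive that newer nginx no longer accepts, weak cipher tokens, and an HTTP-to-HTTPS redirect that drops the request path. This is an added example, not code from the original article; the `audit` and `directives` helpers and the sample config are constructed for illustration.

```python
import re

# Constructed sample in the style of the step 4 server blocks, carrying
# settings often seen in older tutorials. Not taken from a real host.
SAMPLE = """
server {
    listen 443 ssl;
    ssl on;
    ssl_certificate     /usr/local/webserver/nginx/certificate/your.server.name_chain.crt;
    ssl_certificate_key /usr/local/webserver/nginx/certificate/your.server.name_key.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   # allowed protocol versions
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4;
}
server {
    listen 80;
    location / { return 301 https://your.server.name/; }
}
"""

LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: deprecated by RFC 8996
WEAK = re.compile(r"RC4|MD5|DES|NULL|EXP")       # substrings of weak cipher tokens


def directives(conf):
    """Yield (name, args) for each `name args;` directive, comments stripped."""
    for stmt in re.split(r"[;{}]", re.sub(r"#[^\n]*", "", conf)):
        parts = stmt.split()
        if parts:
            yield parts[0], parts[1:]


def audit(conf):
    """Return sorted finding codes for an nginx config given as a string."""
    found = set()
    for name, args in directives(conf):
        if name == "ssl_protocols" and LEGACY & set(args):
            found.add("legacy-protocol")
        elif name == "ssl" and args == ["on"]:
            found.add("deprecated-ssl-on")    # directive removed in nginx 1.25.1
        elif name == "ssl_ciphers":
            # tokens prefixed with ! or - are exclusions, not enabled ciphers
            enabled = [t for t in "".join(args).split(":") if t[:1] not in "!-"]
            if any(WEAK.search(t) for t in enabled):
                found.add("weak-cipher")
        elif name == "return" and len(args) == 2 and args[1].startswith("https://"):
            if "$request_uri" not in args[1] and "$uri" not in args[1]:
                found.add("redirect-drops-path")  # /blog would land on /
    return sorted(found)


if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty list from `audit` means none of these four issues were found; it does not replace `nginx -t`, which still has to validate the syntax.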
5. Verify HTTPS
After this step, go to http://your.server.name/blog. You are redirected to https://your.server.name/blog, the small lock icon appears in the address bar, and the protocol is HTTPS.