“This is my fourth day of the November Gwen Challenge. Check out the details: [Last Gwen Challenge 2021]
The configuration is simple. In Aliyun, for example, you need to purchase an SSL certificate first. Some are expensive and some are free. Choose according to your own situation. After the certificate is purchased, download the certificate based on the server type. The configuration procedure is as follows. Take nginx configuring SSL with a single domain name as an example
1. Upload the downloaded pem and key files to the server. The path can be customized. It is recommended to upload to the default nginx installation directory. I created a cert folder in /etc/nginx.
Conf file in /etc/nginx/conf.d. Add SSL
server { listen 443 ssl; ssl_certificate cert/[x](http://www.yihuixiangxuan.com/4606514_www.yihuixiangxuan.com.pem;) xx.pem; Ssl_certificate_key cert/xxx.key Ssl_session_cache shared:SSL:100m; ssl_session_timeout 100m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:! NULL:! aNULL:! MD5:! ADH:! RC4; Ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; charset utf-8; server_name[www.](http://www.yihuixiangxuan.com; /)xxx.com; Root XXXX; # official website source path; }Copy the code
3. Save the changes and restart nginx.
Nginx - re reload.Copy the code
If there are no errors, it’s a success.
Common mistakes include
If restarting the Nginx server requires ngx_http_SSL_module the “SSL” parameter requires ngx_http_SSL_module, you need to recompile Nginx and add the — with-http_SSL_module configuration when compiling the installation.
If restart Nginx server error “/ cert/3970497_pic.certificatestests.com.pem” : BIO_new_file () failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen(‘/cert/3970497_pic.certificatestests.com.pem’,’r’) Error :2006D080:BIO ROUTINES :BIO_new_file:no such file), you need to remove the/at the beginning of the certificate relative path. For example, you need to remove the front/cert/3970497_pic.certificatestests.com.pem /, use the correct cert/3970497_pic.certificatestests.com.pem relative path.
4. To redirect xxx.com to www.xxx.com, configure one on port 80
rewrite ^(.*)$ https://$host$1 permanent;
Copy the code