Step 1: Install the SSL module for Nginx

Usr /local/nginx = “usr/local/nginx” = “usr/local/nginx” = “usr/local/nginx”

/nginx -vCopy the code

If Configure arguments: — with-http_SSL_module is displayed, the SSL module is installed. You can skip step 2.

Step 2: Install the SSL module

Into the nginx decompression to your directory, attention is not the installation directory, to me is “/ usr/local/software/nginx”, then type:

./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module
Copy the code

Next, execute:

Make # do not make install, otherwise nginx will be re-installedCopy the code

After executing, a new folder “objs” will appear in the directory with an nginx file, as shown in the following figure:



Then copy the nginx file to sbin in the /usr/local/nginx installation directory. Before copying the nginx file, back up the nginx file under sbin and stop the service.

# to do the following below sbin, stop the service. / nginx - # s stop and then perform the following copy to sbin below cp/usr/local/software/nginx/objs/nginx/usr/local/nginx/sbinCopy the code

After the copy is successful, go to the nginx installation directory and enter the following command to check whether the installation is successful.

/nginx -v # Configure arguments: -- with-http_SSL_moduleCopy the code

Step 3: Apply for an SSL certificate

Take Ali Cloud as an example, first go to Ali Cloud to apply for a free SSL certificate, and then wait for the audit.



You can then see free use for a year

Step 4: Configure the SSL certificate

Download the approved SSL certificate from nginx



Pem and key files. In the nginx installation directory, go to conf and create a new folder “cert”.

mkdir cert
Copy the code

Upload these two files to the cert directory and rename them to “cert-file-name”, as shown in the picture:



Then go to the conf directory and edit the nginx.conf file to add the following configuration

# Of the following attributes, the attributes that start with SSL indicate that they are related to certificate configuration. server { listen 443 ssl; Set HTTPS to port 443. Nginx may fail to start if the default HTTPS access port is not configured here. If you are using Nginx 1.15.0 or later, use Listen 443 SSL instead of Listen 443 and SSL on. server_name yourdomain.com; You need to replace yourdomain.com with the domain name bound to the certificate. root html; index index.html index.htm; ssl_certificate cert/cert-file-name.pem; Cert-file-name. pem needs to be replaced with the name of the uploaded certificate file. ssl_certificate_key cert/cert-file-name.key; # replace cert-file-name.key with the name of the uploaded certificate key file. ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:! NULL:! aNULL:! MD5:! ADH:! RC4; # indicates the type of cipher suite used. Ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # indicates the type of TLS protocol used. ssl_prefer_server_ciphers on; location / { root html; # site directory. index index.html index.htm; }}Copy the code

If you want all HTTP visits to automatically redirect to HTTPS pages, you can set HTTP requests to automatically redirect to HTTPS by adding the following rewrite statement under the HTTP site to which you want to redirect.

server { listen 80; server_name yourdomain.com; You need to replace yourdomain.com with the domain name bound to the certificate. rewrite ^(.*)$ https://$host$1; Redirect all HTTP requests to HTTPS using the rewrite directive. location / { index index.html index.htm; }}Copy the code

After the modification is complete, press Esc and enter :wq! Press Enter to save the modified configuration file and exit the editing mode. Run the following command to restart the Nginx service.

CD /usr/local/nginx/sbin go to the executable directory of the nginx service. /nginx -s reload # Reload the configuration file.Copy the code

And then you go to the site and you use HTTPS

Finally, don’t forget to add port 443 to the security rules, otherwise you can’t access