1. HTTPS or HTTP?

1.1 What is HTTPS?

The following paragraph is from Baidu Baike:

HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer) is an HTTP channel aiming at security. Based on HTTP, HTTPS ensures transmission security through transmission encryption and identity authentication. HTTPS adds SSL to HTTP. The security of HTTPS is based on SSL. Therefore, SSL is required for encrypting details. HTTPS has a different default port from HTTP and an encryption/authentication layer (between HTTP and TCP). This system provides authentication and encrypted communication methods. It is widely used for security-sensitive communications on the World Wide Web, such as transactions and payments.

1.2 Why Use HTTPS?

As the name implies, HTTPS is more secure than HTTP because SSL is added to ensure that web content cannot be tampered with by third parties during HTTP transmission.

Some readers will ask: how could the content be tampered with?

Imagine you run an e-commerce website where goods are sold at the prices you set. Someone with malicious intent could change a price to 1 cent, and your losses could be large. This is just one simple example; there could be many more frightening consequences. In general, if you deploy a website, you deploy it with HTTPS.

1.3 How Can I Deploy HTTPS on the Website?

A prerequisite for deploying an existing web site as an HTTPS site is to apply for an SSL certificate. When a user visits a website, your Web server encrypts the content using an SSL certificate and sends it to the browser along with the public key. The browser automatically installs the public key, decrypts the content, and displays it on the browser.

2. How to apply for a free certificate?

Generally speaking, there are three ways to obtain an SSL certificate:

  • Some cloud vendors provide free certificates. For example, if you apply for ECS on Ali Cloud, Ali Cloud will provide 20 free certificates within one year
  • A paid SSL certificate can be purchased from a CA; it has a long validity period and can support multi-level domain names
  • Apply for a free SSL certificate from a CA such as LetsEncrypt or ZeroSSL. Generally, the validity period of such free certificates is 3 months, after which the certificate must be renewed

3. LetsEncrypt and ZeroSSL

  • ZeroSSL: for 90-day certificates, each user has 3 free certificates for life, and a renewal also uses the free quota; charging starts from the fourth. 1-year certificates are charged.
  • LetsEncrypt: 90-day certificates are unlimited. 1-year certificates are charged.

4. How do I apply for an SSL certificate on Ubuntu?

You can refer to this document to apply

Certbot.eff.org/lets-encryp…

  • Install openssl
sudo apt install openssl -y
  • Install snapd and Certbot
sudo apt install snapd -y
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
# Make the snap-installed certbot available as /usr/bin/certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
  • Install Nginx

Refer to this article to install Nginx

www.digitalocean.com/community/t…

  • Apply for the certificate
sudo certbot certonly --nginx

To do this, you need to enter your email address and domain name (if you don’t have a domain name, use IP), and you need to make sure that the domain name or IP you enter is available.

  • Look in /etc/letsencrypt/archive to view the generated certificate

You need to use fullchain1.pem and privkey1.pem.

5. How to use Nginx to deploy HTTPS websites?

  • Place the generated certificate in the /etc/ssl folder
# Run from /etc/letsencrypt/archive/<yourdomain>
cp -f fullchain1.pem /etc/ssl/fullchain.pem
cp -f privkey1.pem /etc/ssl/private.pem
  • Update the nginx.conf file
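  server {
      listen 80;
      # Redirect all plain-HTTP requests to HTTPS
      return 301 https://$host$request_uri;
  }

  server {
      listen 443 ssl;
      #...

      ssl_certificate           /etc/ssl/fullchain.pem;
      ssl_certificate_key       /etc/ssl/private.pem;

      # "listen 443 ssl" already enables TLS; the separate "ssl on;" directive
      # is obsolete since nginx 1.15.0 and removed in 1.25.1, so it is omitted
      ssl_session_cache  builtin:1000  shared:SSL:10m;
      # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer only TLS 1.2 and 1.3
      ssl_protocols  TLSv1.2 TLSv1.3;
      ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
      ssl_prefer_server_ciphers on;
      #...
  }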
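
Because the certificate is only valid for about three months and the files in /etc/ssl are copies, it is worth checking after every copy that the private key belongs to the certificate and that expiry is not close. The script below is an added example, not part of the original article. Its function names, the 30-day default and the self-signed sample certificate are assumptions of this example.

```shell
#!/bin/sh
# Added example: checks for the certificate files copied to /etc/ssl.
# Function names and the 30-day default are assumptions of this example.

# Succeeds only if the private key in $2 belongs to the first (leaf)
# certificate in $1. Compares the two public keys in PEM form.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the certificate in $1 is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Returns 0 if all is well, 1 on a key mismatch, 2 if expiry is near.
check_deployed_cert() {
    cert=$1; key=$2; min_days=${3:-30}
    if ! cert_matches_key "$cert" "$key"; then
        echo "FAIL: $key does not match $cert (or a file is unreadable)"
        return 1
    fi
    if ! cert_valid_for_days "$cert" "$min_days"; then
        echo "WARN: $cert expires within $min_days days; renew and copy again"
        return 2
    fi
    echo "OK: key matches, more than $min_days days of validity left"
}

# Constructed sample input for trying the checks offline: a self-signed
# pair in directory $1, valid for $2 days (not a Let's Encrypt certificate).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=example.test" -keyout "$1/private.pem" \
        -out "$1/fullchain.pem" >/dev/null 2>&1
}

# Usage: sh check_cert.sh /etc/ssl/fullchain.pem /etc/ssl/private.pem [days]
if [ "$#" -ge 2 ]; then
    check_deployed_cert "$@"
fi
```

Running it from cron against the /etc/ssl paths gives an early warning when a renewed certificate in /etc/letsencrypt has not yet been copied over.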