按下回车键跳到正文

Using SSL encryption my blog

Contents
  1. Apply certificent
  2. Configure the server & Install the certificate
  3. Set the redirect
  4. Reload the nginx service

Actually, I consider this thing for long time because I thought the certificate was a lot of money to buy.

Recently, my domain name is about to expire, and I found Aliyun(Alibaba Cloud) offers a free certificate application when I renew it. So I try to apply one, it was so fast that less than ten minutes to apply for success.

Apply certificent

1.Sign in Alibaba Cloud -> “Console” .

2.Find the “Security”->”AliCloud Certificates Service” in the drop-down menu “Products”.

3.Click “Purchase certificate” button and choose certificate type: “Free DV SSL”, other options remain default.

4.In the “My Certificate” can be found in your purchase of “free DV SSL”, you need to click the “Manage” button to complete the information. If your domain provider is Aliyun(Alibaba Cloud), you can easily choose DNS authentication to complete the certification.

5.Wait a moment, the verification is in progress. When you pass it, you can download the key and pem files.

6.In the download page, it will prompt you how to configure the file.

 

Configure the server & Install the certificate

Put your “key” and “pem” files into nginx/cert folder first.

This is an example of nginx, find your nginx.conf and edit it:

# HTTPS server
server {
listen 443;
server_name YOUR_DOMAIN_NAME;
ssl on;
ssl_certificate YOUR_CERT_NAME.pem;
ssl_certificate_key YOUR_CERT_NAME.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / {
}
}

Set the redirect

If you DO NOT want users to use the HTTP protocol to access your site but rather use the HTTPS protocol, you can set 301 redirects

server {
  listen        80;
  server_name   localhost;
  return 301    https://$host$request_uri;
}

Reload the nginx service

sudo service nginx reload

 

Now that all the work has been done, you can visit your website to see the effect.

If it not work, you can try command “lsof -i: 443” to check if the port is occupied.

Good Luck~

From LzSkyline's Blog : https://en.lzskyline.com/archives/403

当前没有任何回复哦,快成为第一个吃螃蟹的人~

    Leave a Reply

    Your email address will not be published. Required fields are marked *