How to configure an SSL certificate for nginx

1. Register an Alibaba Cloud account and apply for an SSL certificate on Alibaba Cloud

Register an Alibaba Cloud account, log in, and open the SSL certificate page.

Click "Buy now".

Choose a free certificate.

Pay.

Confirm payment.

After the payment succeeds, enter the console.

To apply for a certificate, enter the domain name, because the certificate is bound to the domain name. The free certificate supports only a single domain name.

Fill in the certificate information and select manual DNS verification.

Note the record type, host record and record value, then add them to the domain's DNS resolution settings.

Add a TXT record in the domain's DNS resolution settings, then confirm.

At this point, the application for the SSL certificate is complete. Wait for the CA to validate it; generally, validation succeeds on the same day.

2. Install nginx web server

Official installation instructions: http://nginx.org/en/linux_packages.html#RHEL-CentOS

Create a new file, /etc/yum.repos.d/nginx.repo, and save it with the following content:

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key


After saving the file, run the following command to install the latest version of nginx:

yum install nginx

When prompted to confirm the installation, enter y.

When prompted to update the key, enter y.

Installation is complete!
You can now manage the service with the following commands:

systemctl start nginx.service    # start the nginx service

systemctl stop nginx.service   # stop the nginx service

systemctl restart nginx.service   # restart the nginx service

systemctl status nginx.service   # check the running status of the nginx service

After starting nginx, check which ports it is listening on:

systemctl start nginx.service
netstat -tnlp

nginx is listening on port 80.

3. Configure SSL certificate to make the website support https secure access

Once the certificate application has been approved, download the certificate from the console.

The downloaded archive contains two files: a pem file and a key file. Put them in a directory of your choice on the server; for example, I put them in /opt/cert/.

Open the nginx configuration file: /etc/nginx/conf.d/default.conf
Clear all the original content, enter the new content as follows:

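server {
    # the "ssl" parameter on listen replaces the deprecated "ssl on;" directive
    listen 443 ssl;
    server_name www.yourdomain.com;   # your domain name that has applied for a certificate
    client_max_body_size 64M;
    fastcgi_read_timeout 3600;
    error_page 500 502 503 504 /50x.html;
    root /usr/share/nginx/html;
    try_files $uri $uri/ =404;   # return 404 when no file or directory matches
    ssl_certificate /etc/nginx/cert/www.yourdomain.com.pem;       # certificate pem file, according to where your certificate is located
    ssl_certificate_key /etc/nginx/cert/www.yourdomain.com.key;   # certificate key file, according to where your certificate is located
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   # configure according to this protocol
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;   # configure according to this suite
    ssl_prefer_server_ciphers on;
}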

Pay attention to three places here

  1. Your domain name that has applied for a certificate
  2. Certificate pem file, according to the location and name of your certificate
  3. Certificate key file, according to the location and name of your certificate
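
The server block above still enables TLS 1.0 and 1.1 and defines no port-80 server, so plain http:// requests are not redirected to HTTPS. The following is an added example, not part of the original post: the same site restricted to TLS 1.2/1.3 with AEAD cipher suites, an HTTP-to-HTTPS redirect and HSTS. The domain and certificate paths are the page's placeholders; the cipher list, session settings and HSTS max-age are assumptions to adjust for your site.

```nginx
# Added example, not the original author's configuration.
# Assumptions: www.yourdomain.com and /etc/nginx/cert/ are placeholders
# taken from the page; cipher list, session cache and HSTS max-age are
# illustrative choices.

# Port 80: redirect every plain-HTTP request to HTTPS.
server {
    listen 80;
    server_name www.yourdomain.com;
    return 301 https://$host$request_uri;
}

# Port 443: the TLS site itself.
server {
    listen 443 ssl;
    server_name www.yourdomain.com;

    root /usr/share/nginx/html;
    error_page 500 502 503 504 /50x.html;

    ssl_certificate     /etc/nginx/cert/www.yourdomain.com.pem;
    ssl_certificate_key /etc/nginx/cert/www.yourdomain.com.key;

    # Weak setting on the page:  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996). Keep 1.2 and add 1.3.
    # TLSv1.3 takes effect only when nginx is built with OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Weak setting on the page:  ...:HIGH:!aNULL:!MD5:!RC4:!DHE
    # "HIGH" also admits CBC suites; list ECDHE + AEAD suites explicitly.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    # Session resumption through a shared server-side cache only.
    ssl_session_timeout 5m;
    ssl_session_cache   shared:SSL:10m;
    ssl_session_tickets off;

    # Tell browsers to use HTTPS for this host for one year.
    add_header Strict-Transport-Security "max-age=31536000" always;
}
```

Check the file with `nginx -t` before restarting. Enable the HSTS header only once you are sure the site will stay on HTTPS, because browsers remember it for the whole max-age period.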

After the configuration is complete, restart the nginx service:

systemctl restart nginx.service

Finally, set up DNS resolution for the domain name you want to access.

Once the DNS resolution takes effect, you can access your website over https using the domain name.


Origin www.cnblogs.com/well-666/p/12724925.html