I recently had to upgrade the domain name used by a WeChat applet from http to https, so I am writing this article to record the pitfalls I ran into along the way.
Step 1: Apply for a free SSL certificate in Alibaba Cloud or Tencent Cloud
Taking Alibaba Cloud as an example: search for the SSL certificate service, open it, and choose to purchase a certificate (a free one is available, but you still have to go through the purchase process), as shown in the figure.
After the purchase succeeds, find the certificate in the SSL certificate list, click certificate application, enter the domain name and other information, and submit it. It is approved in about 10 minutes.
You can then download the certificate. Because I use nginx, I chose nginx as the server type. After the downloaded file is decompressed, there are two files, pem/key.
Step 2: Install and configure nginx
1. cd to the path of the nginx installation package
2. Compile
./configure --prefix=/usr --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx/nginx.pid --lock-path=/var/lock/nginx.lock --user=nginx --group=nginx --with-http_ssl_module --with-http_flv_module --with-http_gzip_static_module --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/tem/nginx/client --http-proxy-temp-path=/var/tem/nginx/proxy --http-fastcgi-temp-path=/var/tem/nginx/fcgi --with-http_stub_status_module
3. Installation
make && make install
Note: View the installation path
whereis nginx
4. Start (pay attention to the paths; this is the same nginx.conf that is modified in Step 3)
nginx -c /etc/nginx/nginx.conf
5. Verify that the configuration file is correct (do this whenever the configuration file has been modified)
nginx -t -c /etc/nginx/nginx.conf
6. Configure the firewall to allow HTTP and HTTPS traffic
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload
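7. Stop/start the nginx service (nginx -s only sends a signal such as stop, quit, reopen or reload to a running nginx, so starting uses the command from step 4)
nginx -s stop
nginx -c /etc/nginx/nginx.conf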
8. Check whether nginx started successfully
ps -ef | grep nginx
Step 3: Configure HTTPS
1. Connect to the server, find the directory that contains nginx.conf, and upload the pem/key files obtained in Step 1
2. Open nginx.conf in the above path
3. Find this node and replace it as follows; see the comments for details. The pem/key names need to be changed to match your own files.
My pem/key files are in the same directory as nginx.conf, so there is no need to write the path, just the file names.
# HTTPS server
#
server {
    listen 443 ssl;
    server_name localhost;
    ssl_certificate www.soulkey.live.pem; # replace **.pem with the file name of your certificate
    ssl_certificate_key www.soulkey.live.key; # replace **.key with the file name of your certificate's key
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; # cipher suites to use
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # protocols to enable; TLSv1 and TLSv1.1 are deprecated (RFC 8996), so drop them unless legacy clients need them
    ssl_prefer_server_ciphers on;
    location / {
        root html;
        index index.html index.htm;
    }
}
4. Then stop and start nginx; the site can now be accessed through https
nginx -s stop
nginx -c /etc/nginx/nginx.conf
Note: If it is an Alibaba Cloud server, you also need to open the corresponding port in the security group before the site can be accessed normally.
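`nginx -t` only checks syntax, so it accepts the server block above even though TLS 1.0 and 1.1 are deprecated by RFC 8996 and the `AES` and `HIGH` cipher aliases also admit suites without forward secrecy. The following check is an added example, not part of the original article: `audit_nginx_tls` is a hypothetical helper name, the sample file is constructed from the directives above, and each directive is assumed to sit on one line.

```shell
#!/usr/bin/env bash
# audit_nginx_tls FILE
# Reports deprecated protocols and broad cipher aliases found in active
# (uncommented) ssl_protocols / ssl_ciphers directives of an nginx config.
# Hypothetical helper for illustration; not an nginx or Alibaba Cloud tool.
# Assumption: each directive is written on a single line.
audit_nginx_tls() {
    # Remove quote characters first so quoted cipher strings parse the same way.
    tr -d "\"'" < "$1" | awk '
    { sub(/#.*/, ""); gsub(/;/, " ") }   # strip comments and the closing semicolon
    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++)
            if ($i ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/)
                printf "line %d: deprecated protocol %s\n", NR, $i
    }
    $1 == "ssl_ciphers" {
        # Aliases that expand to many suites, including RSA key exchange
        # without forward secrecy.
        n = split($2, suite, ":")
        for (i = 1; i <= n; i++)
            if (suite[i] ~ /^(ALL|DEFAULT|HIGH|AES|RSA)$/)
                printf "line %d: broad cipher alias %s\n", NR, suite[i]
    }'
}

# Constructed sample: the TLS directives from the server block in Step 3.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
server {
    listen 443 ssl;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; # suites
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # protocols
    ssl_prefer_server_ciphers on;
}
EOF
audit_nginx_tls "$sample_conf"
rm -f "$sample_conf"
```

An empty result means neither directive contains a flagged value; run it against /etc/nginx/nginx.conf alongside `nginx -t` before restarting.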