Ordinary is just two words: laziness and laziness;
success is just two words: hardship and diligence;
excellence is just two words: you and me.
Follow me to learn JAVA, spring family bucket and linux operation and maintenance knowledge from 0, and take you from an ignorant teenager to the pinnacle of life and marry Bai Fumei!
Follow the WeChat public account [ IT is very reliable ], and share technical experience every day~
[Https] Apply for SSL (CA) certificate + domain name resolution [graphic tutorial]
1 Problems with nginx proxy access?
We applied for the public IP and configured the nginx proxy . You can access the front-end or back-end services of our agent.
Visit the nginx homepage:
Visiting nginx in the above figure shows that it can be accessed normally. But there are still two problems:
(1) The ip address is exposed. It is recommended to do domain name resolution (A record or cname resolution).
(2) The accessed URL is insecure. It is recommended to add an SSL certificate for encrypted transmission. That is, the http request is replaced with an https request.
Solve the existing problems one by one! The prerequisite is to apply for the public network IP and successfully install the nginx proxy server according to the following tutorial.
Install nginx server tutorial: https://blog.csdn.net/IT_Most/article/details/108994627
2 A record domain name resolution
Note: The public domain name applied for in this tutorial on the HUAWEI CLOUD platform serves as a tutorial demonstration. Many other platforms can apply for domain names. The applied domain name is not a top-level domain name (save some money), it is enough as a tutorial demonstration!
2.1 Apply for a domain name
Go to the "Control Panel" page and click on the "Domain Registration" resource.
Then follow the wizard to purchase and apply for a domain name, configure the DNS domain name resolution server...
2.2 resolve domain name to ip
In the list of applied domain names, click the domain name you want to resolve to ip.
Configure DNS domain name resolution server, A record to resolve to public network ip, ssl certificate domain name verification string.
After a while, you can open the cmd command window of any computer with Internet access. Use the ping lewamechine.top command to test whether the domain name is configured and resolved successfully. As shown in the figure below, the domain name was successfully resolved to the specified ip address. If the resolution fails, the domain name not found error will be reported.
3 apply for ssl certificate
3.1 Apply for an ssl certificate
Purchase an ssl certificate.
Choose an area arbitrarily.
Click "Buy Certificate".
Choose free certificate types and certificate brands. For testing, we choose a free domain name~
Click the "Buy Now" button to place an order and pay.
After purchase, you can view the purchased certificate in the certificate list.
3.2 Apply for a certificate
After the certificate is purchased successfully, you need to apply for a certificate, configure and verify the certificate before downloading the certificate file (.crt and .key). Click the "Apply for Certificate" button.
Bind the domain name and fill in the contact information.
Then click the "Submit Application" button, you can see the application progress is 40% in the certificate list, and domain name verification is required!
Domain verification.
Add/modify the TXT type record value parsed by domain name lewamechine.top! The value is the TXT type record value of the SSL domain name verification page.
DNS verification is not necessary, because after the TXT record set is successfully configured, a text message will be sent to notify that the application is approved!
After the review is passed, SMS notification will be sent.
The review progress is 100%.
After passing the review, you can download the ssl certificate.
The ssl certificate compression package provides certificate files suitable for various servers. Such as tomcat, nginx, apache and IIS etc.
Decompress the ssl certificate compression package and take a look.
So far, the SSL certificates of different servers have been applied for and downloaded~
The next chapter will explain the configuration of the ssl certificate on the nginx server with graphics and text to achieve https access! Search WeChat Official Account : IT Special Reliable Or scan the code to enter the WeChat Official Account and send " I want ssl configuration tutorial" to get the tutorial!
