Apply for a personal free SSL certificate on Alibaba Cloud
1. Certificate purchase
Log in to the Alibaba Cloud console, search for "Apply for a free certificate" (申请免费证书), and then follow the steps shown in the figure.
2. Certificate application
A new page opens; fill in the settings there.
After confirming, click Verify first, then click Submit for review.
3. Download the certificate
4. Use the certificate with Nginx
1 Transfer the certificate to the Nginx server that needs it
Transfer the downloaded certificate archive to the Nginx server that will use the certificate.
Rename the archive and copy it to the load-balancing server
[root@development project]# mv {4670741_,}www.sharkyun.com_nginx.zip
[root@development project]# ls
docker-compose.yml Dockerfile mysql www.sharkyun.com_nginx.zip
[root@development project]# docker-compose ps
    Name              Command           State          Ports
-----------------------------------------------------------------------
h1              /usr/sbin/init         Up
h2              /usr/sbin/init         Up
h3              /usr/sbin/init         Up
h4              /usr/sbin/init         Up
h5              /usr/sbin/init         Up
project_db1_1   docker-entrypoint.sh   Up      3306/tcp, 33060/tcp
                mysqld
project_db2_1   docker-entrypoint.sh   Up      3306/tcp, 33060/tcp
                mysqld
[root@development project]# docker cp www.sharkyun.com_nginx.zip h1:/root/
Log in to the load-balancing server
[root@development project]# docker-compose exec h1 bash
[root@h1 /]# cd
[root@h1 ~]# ls
anaconda-ks.cfg www.sharkyun.com_nginx.zip
[root@h1 ~]#
Create a certificate directory
[root@h1 ~]# mkdir /etc/nginx/cert/
Unzip the certificate file to the certificate directory
[root@h1 ~]# yum -y install unzip
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
* base: mirrors.tuna.tsinghua.edu.cn
* extras: mirrors.huaweicloud.com
* updates: mirror.bit.edu.cn
Package unzip-6.0-21.el7.x86_64 already installed and latest version
Nothing to do
[root@h1 ~]# unzip www.sharkyun.com_nginx.zip -d /etc/nginx/cert/
Archive: www.sharkyun.com_nginx.zip
Aliyun Certificate Download
inflating: /etc/nginx/cert/4670741_www.sharkyun.com.pem
inflating: /etc/nginx/cert/4670741_www.sharkyun.com.key
Enter the certificate directory and rename the files
[root@h1 ~]# cd /etc/nginx/cert/
[root@h1 cert]# ls
4670741_www.sharkyun.com.key 4670741_www.sharkyun.com.pem
[root@h1 cert]# mv {4670741_,}www.sharkyun.com.key
[root@h1 cert]# mv {4670741_,}www.sharkyun.com.pem
[root@h1 cert]# ls
www.sharkyun.com.key www.sharkyun.com.pem
2 Configure the certificate
Then deploy and configure the certificate with the following steps
[root@nginx ~]# cd /etc/nginx/conf.d/
[root@nginx conf.d]# vim nginx_ssl.conf
[root@nginx conf.d]# cat /etc/nginx/conf.d/nginx_ssl.conf
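server {
    listen 443 ssl;    # HTTPS port
    server_name www.sharkyun.com;
    access_log /var/log/nginx/https_access.log main;
    ssl_certificate /etc/nginx/cert/www.sharkyun.com.pem;        # certificate path
    ssl_certificate_key /etc/nginx/cert/www.sharkyun.com.key;    # private key path
    ssl_session_timeout 5m;    # how long a client may reuse the SSL session parameters
    ssl_protocols TLSv1.2 TLSv1.3;    # protocols to enable; TLSv1 and TLSv1.1 are deprecated
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;    # cipher list in OpenSSL format, AEAD suites with forward secrecy only
    ssl_prefer_server_ciphers on;    # prefer the server's cipher order during negotiation
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
}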
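A lint for the ssl_protocols and ssl_ciphers directives of a server block like the one above, given as an added example that is not part of the original tutorial. It flags legacy protocol versions and cipher strings that admit weak classes; the function names and both sample configs are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page; function names and sample configs are constructed.

# Print one finding per line for file $1 (text heuristic; OpenSSL is not consulted).
audit_nginx_tls() {
  awk '
    { sub(/#.*/, ""); sub(/;[ \t]*$/, "") }        # drop comment and trailing ";"
    $1 == "ssl_protocols" {
      for (i = 2; i <= NF; i++)
        if ($i ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) print "weak protocol: " $i
    }
    $1 == "ssl_ciphers" {
      split("", banned); split("", added); broad = 0
      n = split($2, tok, ":")
      for (i = 1; i <= n; i++) {
        t = tok[i]
        if (t ~ /^!/) { b = substr(t, 2); if (b == "EXPORT") b = "EXP"; banned[b] = 1; continue }
        if (t ~ /^[+-]/) continue                  # "+X" only reorders, "-X" removes
        if (t == "ALL") broad = 1                  # ALL selects everything except eNULL
        added[t] = 1
      }
      m = split("LOW EXP RC4 MD5 aNULL", weak, " ")
      for (j = 1; j <= m; j++) {
        if (weak[j] in banned) continue            # "!X" excludes the class for good
        hit = broad
        for (t in added) if (index(t, weak[j])) hit = 1
        if (hit) print "cipher class not excluded: " weak[j]
      }
    }
  ' "$1"
}

write_samples() {   # $1 = directory; writes weak.conf and hardened.conf
  cat > "$1/weak.conf" <<'EOF'
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   # legacy protocols left on
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
EOF
  cat > "$1/hardened.conf" <<'EOF'
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
EOF
}

dir=$(mktemp -d) && write_samples "$dir"
for f in weak hardened; do echo "== $f.conf"; audit_nginx_tls "$dir/$f.conf"; done
rm -rf "$dir"
```

To see what the installed OpenSSL actually expands a cipher string to, run `openssl ciphers -v '<string>'` on the server.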
On the client, add an entry to the hosts file that resolves www.sharkyun.com to the address of this Nginx server, then open https://www.sharkyun.com in a browser.
Alternatively, resolve your domain name to the public IP address on the Internet.