Website https settings sll application and nginx jump configuration
Choose 1 year here
Click
here to apply for a certificate. Note that you need to write file verification.
File verification. Upload the file to the specified directory of the server. After the DNS is resolved, access the file to complete the verification.
Manual DNS verification. Change the DNS resolution of the domain name to a verified record value (disadvantage, if it is a non-Alibaba Cloud DNS This method may not be supported for verification)
Here, please write file verification
Operate as required
Upload the txt file
in the downloaded compressed package and create a new folder
mkdir /home/test/well-known/pki-validation -p in the home directory to
copy the txt file to the specified directory
mv fileauth.txt /home/test/well-known/pki -validation/
Note that you need to change your own DNS here
Here is nginx configuration
Anyway, no matter how you configure it, you can just
enter the URL and display the content in the text when you test it yourself.
Then verify and submit for review
Follow the tutorial to start deploying the certificate
Let me give an example of the
official nginx tutorial: https://help.aliyun.com/document_detail/98728.html?spm=5176.14113079.0.0.3e4756a7Y0Eb5f
Upload
Change configuration file
#以下属性中以ssl开头的属性代表与证书配置有关,其他属性请根据自己的需要进行配置。server {
listen 443 ssl; #配置HTTPS的默认访问端口号为443。此处如果未配置HTTPS的默认访问端口,可能会造成Nginx无法启动。Nginx 1.15.0以上版本请使用listen 443 ssl代替listen 443和ssl on。
server_name www.certificatestests.com; #将www.certificatestests.com修改为您证书绑定的域名,例如:www.example.com。如果您购买的是通配符域名证书,要修改为通配符域名,例如:*.aliyun.com。
root html;
index index.html index.htm;
ssl_certificate cert/domain name.pem; #将domain name.pem替换成您证书的文件名称。
ssl_certificate_key cert/domain name.key; #将domain name.key替换成您证书的密钥文件名称。
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #使用此加密套件。
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #使用该协议进行配置。
ssl_prefer_server_ciphers on;
location / {
root html; #站点目录。
index index.html index.htm;
}
}
The final effect
https access to the website can be directly accessed without a security prompt
Errors encountered
Reference blog: https://www.cnblogs.com/michaelcnblogs/p/12832411.html
Error 1:
nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in /usr/loca
Solution: Refer to https://www.cnblogs.com/ghjbk/p/6744131.html
The reason is also very simple. Nginx lacks the http_ssl_module module. When compiling and installing, just take the –with-http_ssl_module configuration, but the current situation is that my nginx has been installed. Find the package that installs nginx and
switch to the source package:
cd /usr/local/src/nginx-1.11.3
Then our new configuration information should be written like this:
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
Just run the above command, wait until the configuration is complete
After the configuration is complete, run the command
make
Don’t do make install here, otherwise it will overwrite the installation
and then back up the original installed nginx
cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
Then overwrite the original nginx with the newly compiled nginx (this time nginx will stop)
cp ./objs/nginx /usr/local/nginx/sbin/
Then start nginx, you can still check whether it has been added successfully through the command
/usr/local/nginx/sbin/nginx -V
This is to restart nginx after modifying the configuration configuration file.
nginx: [alert] kill(189, 1) failed (3: No such process)
重新指向配置文件
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
重启nginx
/usr/local/nginx/sbin/nginx -s reload