1 Generating a common certificate
1.1 Install nginx
- First go to the official nginx website and download nginx: http://nginx.org/en/download.html
1.2 Start nginx
Double-click to start the service.
1.3 OpenSSL
Download OpenSSL http://slproweb.com/products/Win32OpenSSL.html
After the download completes, install it to C:\OpenSSL-Win64
1.4 Configure environment variables
- Computer→Properties→Advanced System Settings→Advanced→Environment Variables
- System Variables → New: variable name OPENSSL_HOME, variable value C:\OpenSSL-Win64
- System Variables → find the Path variable → Edit
- Append %OPENSSL_HOME%; to the end of the variable value (check whether the original Path value already ends with a semicolon; if not, enter a semicolon first, then the text above)
1.5 Generate https certificate
1.5.1 Create a private key
# 2_www.p2pi.cn is a name you choose yourself; 2048 bits is used because 1024-bit RSA is no longer considered secure
openssl genrsa -des3 -out 2_www.p2pi.cn.key 2048
1.5.2 Create csr certificate
openssl req -new -key 2_www.p2pi.cn.key -out 1_www.p2pi.cn_bundle.csr
1.5.3 Delete password
Rename 2_www.p2pi.cn.key to 2_www.p2pi.cn.key.org, then write the key back out without the password:
openssl rsa -in 2_www.p2pi.cn.key.org -out 2_www.p2pi.cn.key
1.5.4 Generate crt certificate
openssl x509 -req -days 365 -in 1_www.p2pi.cn_bundle.csr -signkey 2_www.p2pi.cn.key -out 1_www.p2pi.cn_bundle.crt
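Steps 1.5.1 to 1.5.4 in non-interactive form for a POSIX shell, with two checks worth running before nginx loads the files: that the certificate carries the key's public half, and that it is not about to expire. This is an added example, not part of the original post; the function names, file names and the subject passed in are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names, file names and
# the certificate subject are placeholders chosen for illustration.

# make_self_signed DIR NAME CN -> writes NAME.key, NAME.csr and NAME.crt into DIR.
# The key is created without a password, i.e. the result of 1.5.1 plus 1.5.3.
make_self_signed() {
    dir=$1; name=$2; cn=$3
    # umask 077 keeps the unencrypted private key readable by its owner only
    ( umask 077 && openssl genrsa -out "$dir/$name.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$dir/$name.key" -subj "/CN=$cn" \
        -out "$dir/$name.csr" || return 1
    openssl x509 -req -days 365 -in "$dir/$name.csr" \
        -signkey "$dir/$name.key" -out "$dir/$name.crt" 2>/dev/null
}

# key_matches_cert KEY CRT -> 0 if the certificate carries the key's public half.
# The PEM public keys are compared directly. An unreadable file returns 2, and so
# does a key that is still password-protected ("-passin pass:" prevents a prompt).
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 2
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# cert_valid_for CRT DAYS -> 0 if the certificate is still valid DAYS days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Usage:
#   make_self_signed /tmp/certs site www.example.test
#   key_matches_cert /tmp/certs/site.key /tmp/certs/site.crt && echo "pair ok"
#   cert_valid_for /tmp/certs/site.crt 30 || echo "renew soon"
```

A mismatched key and certificate is one of the common reasons nginx refuses to start after a certificate swap, so the match check is worth running on every renewal.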
2 Tencent Cloud free certificate
2.1 Obtain a free SSL certificate from Tencent
Tencent free SSL certificate application link: https://console.cloud.tencent.com/ssl
Note: If you have not completed real-name authentication on Tencent Cloud when applying, you will first be redirected to real-name authentication.
The following is the free application page; the certificate can be used for 1 year by default.
2.2 Add TXT information under the domain name
Reference URL: https://cloud.tencent.com/document/product/400/4142
2.3 Download SSL certificate
3 Nginx configuration HTTPS domain name certificate
3.1 Install the SSL module
To configure HTTPS in nginx, you must install the SSL module, http_ssl_module.
- Enter the directory where nginx was unpacked: /opt/module/software/nginx-1.16.1
- Add the ssl module (the original modules need to be retained)
./configure \
--prefix=/usr/local/nginx \
--pid-path=/var/run/nginx/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-http_gzip_static_module \
--http-client-body-temp-path=/var/temp/nginx/client \
--http-proxy-temp-path=/var/temp/nginx/proxy \
--http-fastcgi-temp-path=/var/temp/nginx/fastcgi \
--http-uwsgi-temp-path=/var/temp/nginx/uwsgi \
--http-scgi-temp-path=/var/temp/nginx/scgi \
--with-http_ssl_module
3.2 Compile and install
make
make install
3.3 Nginx configuration
- Copy the ssl certificate *.crt and private key *.key to the /usr/local/nginx/conf directory.
- Add a server block listening on port 443
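server {
    # "listen 443 ssl" enables SSL; it replaces the deprecated "ssl on" directive
    listen 443 ssl;
    server_name www.p2pi.cn;
    # SSL certificate
    ssl_certificate 1_www.p2pi.cn_bundle.crt;
    # Certificate private key
    ssl_certificate_key 2_www.p2pi.cn.key;
    # SSL session cache
    ssl_session_cache shared:SSL:1m;
    # SSL session timeout
    ssl_session_timeout 5m;
    # Protocols and cipher suites; the cipher string follows the openssl format.
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996), so only TLSv1.2 is enabled.
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    location / {
        # "tomcats" is an upstream that must be defined in the http block
        proxy_pass http://tomcats/;
    }
}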