Nginx configures SSL to use Https

First of all, you need an SSL certificate, you can make it yourself, or you can apply for a free certificate.

Apply for a free certificate of Qiniu

After registering or logging into Qiniu Cloud, click Apply for SSL Certificate, and select [Buy Certificate]

After submitting, select [Complete Information]

After submission, it will be in the status of [to be confirmed], click [Details] to copy the TXT record value.

Set up domain verification

According to the verification method selected by the application, we take DNS verification as an example. Enter the domain name management console (here, Wanwang is used as an example), and add two resolutions.

Download certificate

After a few hours, entering the certificate management shows that the certificate is in the issued state. Click [Details] - [View Certificate] - [Download Certificate], and set the decompression password to download.

After decompression, two files res.changxianggu.com.key and res.changxianggu.com.crt are generated.
Configure nginx
Install nginx and configure the website
Install nginx
yum install nginx
Create a ssl folder in the nginx directory, and upload the certificate file to the server.

Modify the configuration file of nginx

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80;
        server_name  res.changxianggu.com;
        return 301 https://$host$request_uri;# 用于转发http到https
    }
    server { 
	listen 443;
	server_name res.changxianggu.com;
    ssl on;
	ssl_certificate /etc/nginx/ssl/res.changxianggu.com/res.changxianggu.com.crt;
	ssl_certificate_key /etc/nginx/ssl/res.changxianggu.com/res.changxianggu.com.key;
	ssl_session_cache builtin:1000 shared:SSL:10m;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
	ssl_prefer_server_ciphers on;
	access_log /var/log/nginx/res.changxianggu.com.log;
        error_page   500 502 503 504  /50x.html;
        error_page 404 /404.html;
        location / { 
			root /usr/share/nginx/html;
			index ssl.html;
		}
    }
}