First of all, you need an SSL certificate, you can make it yourself, or you can apply for a free certificate.
Apply for a free certificate of Qiniu
After registering or logging into Qiniu Cloud, click Apply for SSL Certificate, and select [Buy Certificate]
After submitting, select [Complete Information]
After submission, it will be in the status of [to be confirmed], click [Details] to copy the TXT record value.
Set up domain verification
According to the verification method selected by the application, we take DNS verification as an example. Enter the domain name management console (here, Wanwang is used as an example), and add two resolutions.
Download certificate
After a few hours, entering the certificate management shows that the certificate is in the issued state. Click [Details] - [View Certificate] - [Download Certificate], and set the decompression password to download.
After decompression, two files res.changxianggu.com.key and res.changxianggu.com.crt are generated.
Configure nginx
Install nginx and configure the website
Install nginx
yum install nginx
Create a ssl folder in the nginx directory, and upload the certificate file to the server.
Modify the configuration file of nginx
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
server_name res.changxianggu.com;
return 301 https://$host$request_uri;# 用于转发http到https
}
server {
listen 443;
server_name res.changxianggu.com;
ssl on;
ssl_certificate /etc/nginx/ssl/res.changxianggu.com/res.changxianggu.com.crt;
ssl_certificate_key /etc/nginx/ssl/res.changxianggu.com/res.changxianggu.com.key;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/res.changxianggu.com.log;
error_page 500 502 503 504 /50x.html;
error_page 404 /404.html;
location / {
root /usr/share/nginx/html;
index ssl.html;
}
}
}