Go to Tencent Cloud to apply for a free one-year ssl certificate. can be downloaded.
nginx configuration
server {
listen 80;
listen 443 ssl;
server_name XXXX.net www.XXXX.net;
index index.php index.html index.htm;
ssl_certificate/ssl/1_www.XXXX.net_bundle.crt;
ssl_certificate_key/ssl/2_www.XXXX.net.key;
ssl_session_timeout5m;
ssl_ciphersECDHE-RSA-AES128-GCM-SHA256: ECDHE: ECDH: AES: HIGH:! NULL:! aNULL:! MD5:! ADH:! RC4;
ssl_protocolsTLSv1 TLSv1.1 TLSv1.2;
#ssl_protocolsTLSv1.2;
ssl_prefer_server_cipherson;
location / {
default_type text/html;
subs_filter_types text/css text/xml;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Referer https://www.dongyicc.com;
proxy_set_header Host www.XXXX.com;
proxy_pass https://www.XXXX.com;
proxy_set_header Accept-Encoding "";
}
}
open 443
/etc/init.d/iptables save
service iptables restart