In January 2017, Apple will enforce the ATS protocol, and all file requests will be transmitted over the https protocol.
The company's image service does not support https requests. For the traffic of Apple clients, it must be upgraded
After a day of hard work, to solve the problem, record the approximate solution steps:
1. First understand some basic concepts of https, CA, SSL on the Internet
2. After you have the general direction, then check how to operate on nginx
main reference
http://blog.csdn.net/sand_ant/article/details/10507447
http://blog.chinaunix.net/uid-20639775-id-3213595.html
3.nginx -V Check whether ngxin supports TLS SNI protocol,
TLS SNI support enabled, fortunately, it shows enabled
4. Configure a server for each domain name
server{
listen 443;
ssl on;
ssl_certificate /etc/nginx/conf.d/ssl/cer_n.crt;
ssl_certificate_key /etc/nginx/conf.d/ssl/cer_n.key;
server_name domain_n;
location / {
//location configuration omitted
}
}
5. Find a CA to apply for a certificate for each domain name, and put the certificate in the path configured by the server
6.service nginx restart
7. Browser access verification with https