Table of contents
1. Alibaba Cloud applies for a free SSL certificate
1. Open the Alibaba Cloud SSL Certificate page and click "Buy SSL Certificate"
2. Log in to the Alibaba Cloud SSL Certificate Management Console
3, Select "SSL Certificate" - "Free Certificate" - "Certificate Application"
4, Fill out the certificate application form
Second, nginx adds ssl certificate
1. Turn off the firewall core protection
2. Create a file to store the certificate and put it in the directory
3. Generate a certificate and remove the password of the private key
4. Add the ssl module to the installation directory
5. Compile the configuration file
1. Alibaba Cloud applies for a free SSL certificate
1. Open the Alibaba Cloud SSL Certificate page and click "Buy SSL Certificate"
2. Log in to the Alibaba Cloud SSL Certificate Management Console
3, Select "SSL Certificate" - "Free Certificate" - "Certificate Application"
4, Fill out the certificate application form
Second, nginx adds ssl certificate
1. Turn off the firewall core protection
2. Create a file to store the certificate and put it in the directory
[root@tomcat188 opt]#mkdir /usr/local/nginx/ssl_key
[root@tomcat188 opt]#cd /usr/local/nginx/ssl_key/
Certificate Authority, create private key
(This machine is the CA)
openssl genrsa -idea -out server.key 2048
2048 means that the more digits the more secure, the more common are 2048, 4096
3. Generate a certificate and remove the password of the private key
openssl req -days 3650 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
req represents the request for certificate output
-days 3650 time=10 years
-x509 Issue x509 format certificate command
-newkey This option creates a new certificate request and a new private key. This parameter takes one of the following forms. rsa:nbits (where nbits is the number of bits) generates an RSA key of size nbits
-key key
-new means a new request
-out output path
4. Add the ssl module to the installation directory
cd /opt/nginx-1.15.9/
./configure --prefix=/usr/local/nginx --add-module=/usr/local/nginx-module-vts-master/ --prefix=/usr/local/nginx --with-http_ssl_module
make
don't make install
shut down service
Then replace the nginx in the installation directory with the nginx just compiled in the source code
View installation modules
Nginx -V
5. Compile the configuration file
echo "<h1>this is https wxj</h1>" > /https-wxj/index.html
windows add address mapping
rewrite address rewrite (https redirect to http)
because /usr/local/nginx/conf/nginx.conf
Modify port 80
Restart, test visit http://www.kya.com