Tools: WinSCP, putty
1. Download the certificate
- cloud.tencent.com_bundle.crt certificate file
- cloud.tencent.com_bundle.pem certificate file (this file can be ignored)
- cloud.tencent.com.key private key file
- cloud.tencent.com.csr CSR file
2. Upload the certificate to the server
Copy the obtained cloud.tencent.com_bundle.crt certificate file and cloud.tencent.com.key private key file from the local directory to the /etc/nginx directory of the Nginx server through WinSCP (here is the default installation directory of Nginx, please Operate according to the actual situation).
3. Configure SSL
The following two methods are available.
① The first method: first edit the nginx.conf file in the root directory of Nginx. Add the following content:
Then edit the default file under sites-enabled in the nginx root directory and add the following content:
The test was successful.
②The second method: edit the default file under sites-enabled in the root directory of nginx. The modification is as follows:
server {
#SSL 默认访问端口号为 443
listen 443 ssl;
#请填写绑定证书的域名
server_name cloud.tencent.com;
#请填写证书文件的相对路径或绝对路径
ssl_certificate cloud.tencent.com_bundle.crt;
#请填写私钥文件的相对路径或绝对路径
ssl_certificate_key cloud.tencent.com.key;
ssl_session_timeout 5m;
#请按照以下协议配置
ssl_protocols TLSv1.2 TLSv1.3;
#请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
#网站主页路径。此路径仅供参考,具体请您按照实际目录操作。
#例如,您的网站主页在 Nginx 服务器的 /etc/www 目录下,则请修改 root 后面的 html 为 /etc/www。
root html;
index index.html index.htm;
}
}
4. Verify and restart nginx
nginx -t
service nginx restart