Step 1: Download Nginx
Download the software package corresponding to the platform system and version from the official website: nginx news , and decompress it to the specified directory.
Step 2: Edit Nginx configuration
Open the downloaded nginx.conf
file with a text editor, modify or directly copy and paste the following content:
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://localhost:8888;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
server {
listen 443 ssl;
server_name localhost;
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:8888;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
}
Step 3: Apply for an SSL certificate
Apply for a free domain name certificate in the background of your service provider.
For example, Alibaba Cloud, the operation steps are roughly as follows:
- background open
数字证书管理服务 / SSL证书 / 免费证书
- Click "Buy Now" and pay 0 yuan to get 20 free certificates
- Click Create Certificate
- Click Apply for Certificate on the right side of the created certificate (use manual DNS verification for verification, do not use file verification)
For other service providers, please find the application position of the free certificate according to the actual situation. And according to the requirements of the service provider, apply for a free certificate.
Step 4: Download the SSL certificate
After applying for a free certificate from your service provider, find the certificate and select Download. The server selects Nginx, and the certificate format is pem/key
Rename the two downloaded certificate files to: cert.pem
and cert.key
Put the two certificate files ( cert.pem
, cert.key
) in nginx.conf
the same directory as the nginx configuration file ( ), and start/restart the nginx server to complete. Now, you can access your domain name using https.
other questions
The SSL certificate has expired, how to replace it?
-
Repeat the above Apply for SSL certificate and Download SSL certificate again
-
Upload the
cert.pem
andcert.key
file to the directory of the server/www/nginx/conf
to overwrite the original certificate -
Operate the above restart nginx steps again
How to set the domain name to force redirection to https?
- Open it with a text editor , remove the location
nginx.conf
in the first server part , and change it to , the modified effect is as follows (you can directly copy and replace the original content):rewrite ^(.*)$ https://$host$1 permanent;
events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; server { listen 80; server_name localhost; rewrite ^(.*)$ https://$host$1 permanent; } server { listen 443 ssl; server_name localhost; ssl_certificate cert.pem; ssl_certificate_key cert.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_pass http://localhost:8888; proxy_set_header Host $http_host; proxy_set_header X-Forward-For $remote_addr; } } }
2. Restart nginx.