1. Apply for SSL
a certificate
Here I take Huawei Cloud as an example to apply for a free SSL certificate. The prerequisite for applying is that you must have a domain name. Search directly on the Huawei Cloud console ssl认证
. The steps are very simple, so I won’t go into details here.
- Screenshot after the application is successful.
After the application is successful, Huawei Cloud provides a tutorial for installing the certificate. You can refer to it directly.
2.Configuration nginx
_SSL
The specific configuration is as follows:
HTTPS server
server {
listen 443 ssl;
server_name 域名; # 与申请ssl证书的域名保持一致
ssl_certificate cert/server.crt;
ssl_certificate_key cert/server.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
}
parameter | Parameter Description |
---|---|
listen | SSL access port number, set to "443". |
SSL | Set to "on" to enable the SSL function. |
ssl_certificate | Certificate file "server.crt". Set to the path of the "server.crt" file, and the path cannot contain Chinese characters, such as "cert/server.crt". |
ssl_certificate_key | Private key file "server.key". Set to the path of "server.key", and the path cannot contain Chinese characters, such as "cert/server.key". |
ssl_protocols | protocol used. |
ssl_ciphers | Configure the cipher suite. The writing method follows the OpenSSL standard. |
Note: ssl_certificate
Afterssl_certificate_key
ssl
successfully applying for the certificate, download the certificate, find nginx
a folder that corresponds to these two, nginx/conf
create a cert
file, drag the two folders into it, and rename it.
- server
server {
listen 80;
server_name 域名; # 与申请ssl证书的域名保持一致
rewrite ^/(.*) https://$server_name$request_uri? permanent;
}