1. Apply for SSLa certificate
Here I take Huawei Cloud as an example to apply for a free SSL certificate. The prerequisite for applying is that you must have a domain name. Search directly on the Huawei Cloud console ssl认证. The steps are very simple, so I won’t go into details here.
- Screenshot after the application is successful.
After the application is successful, Huawei Cloud provides a tutorial for installing the certificate. You can refer to it directly.
2.Configuration nginx_SSL
The specific configuration is as follows:
HTTPS server
server {
listen 443 ssl;
server_name 域名; # 与申请ssl证书的域名保持一致
ssl_certificate cert/server.crt;
ssl_certificate_key cert/server.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
}
| parameter | Parameter Description |
|---|---|
| listen | SSL access port number, set to "443". |
| SSL | Set to "on" to enable the SSL function. |
| ssl_certificate | Certificate file "server.crt". Set to the path of the "server.crt" file, and the path cannot contain Chinese characters, such as "cert/server.crt". |
| ssl_certificate_key | Private key file "server.key". Set to the path of "server.key", and the path cannot contain Chinese characters, such as "cert/server.key". |
| ssl_protocols | protocol used. |
| ssl_ciphers | Configure the cipher suite. The writing method follows the OpenSSL standard. |
Note: ssl_certificateAfterssl_certificate_keyssl successfully applying for the certificate, download the certificate, find nginxa folder that corresponds to these two, nginx/confcreate a certfile, drag the two folders into it, and rename it.
- server
server {
listen 80;
server_name 域名; # 与申请ssl证书的域名保持一致
rewrite ^/(.*) https://$server_name$request_uri? permanent;
}