Remember: with pleasure to run, hard to listen to, with the thinking to develop, with efforts to struggle, with the objective to measure, with love to life.
SSL
Reference Document https://www.jianshu.com/p/66486bdaeeaa
FreeSSL.org application reference https://jingyan.baidu.com/article/2c8c281d8cfb8c0009252a73.html
nginx configuration /etc/nginx/nginx.conf website directory / var / www / html /
step
1. Log https://www.sslforfree.com enter the domain name click Create Free SSL Certificate
2, hand-selected to obtain a certificate file, click Manual Verification button (the middle)
3、
- In the web directory new directory / HTML / public / .well-Known / Acme-Challenge directory, and then download the two files above
Pieces lost in, click on the next two and finally click to download the SSL certificate verification
4, the downloaded certificate archive sslforfree.zip have to extract the three files ca_bundle.crt certificate.crt private.key
Creating conf directory certs will ca_ of content into cer in, cer.crt and put the key in the certs folder
5, nginx configuration listen 443 ssl; # 80 replacing
ssl_certificate /etc/nginx/certs/certificate.crt;
ssl_certificate_key /etc/nginx/certs/private.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
Lock & ssl test site https://www.ssllabs.com/ssltest/
dnspod
Console https://www.dnspod.cn/console/dashboard
Part of the official documentation https://cloud.tencent.com/document/product/400/4143#NginxCertificateOfDeployment
step
SSL certificate configuration file https://www.v2ex.com/t/255778
API_TOKEN in [dnspod account - Users - Security Settings] inside
These files are the best in the / etc / nginx / ssl / sssl / certs /
Then /etc/nginx/conf.d/www.aaa.conf configuration file that contains /etc/nginx/ssl/www.aaa.conf ancillary documents
Finally, restart the service
Two months regularly updated look