Migrating to HTTPS much trouble, why toss?

My blog site is using the HTTP protocol, using the Google Chrome browser to access the address bar will prompt unsafe.

This makes very uncomfortable, Ever since, tossing from HTTPS ...

 

Why are generally reluctant to move?

• Purchase certificates, money, long ago certificate is an annual fee. Now the use of cloud servers, free general can apply for a certificate.
• Configuring the operating certificate is a bunch of trouble; it comes to content is also more
• Server authentication, encryption and decryption of communications, there is definitely extra cost, speed will certainly be slow

 

Migrating to HTTPS or necessary

• Browser when you visit the site of the HTTP protocol, the address bar will prompt "unsafe", I feel very friendly to users; Google Chrome browser address bar to the left of the HTTPS protocol sites on the addition of a representation of safety " lock".
• Many open platform already binding requirements url must be HTTPS protocol, such as micro-channel, Apple, Android open platform. I personally want to do a small program, url must be HTTPS, or else simply can not play.
• Google, Baidu search engine site rankings lowered the HTTP protocol, HTTPS right to increase the site's heavy.
• HTTPS security than HTTP, SSL layer added, with a certificate to verify the identity of the server, and encrypted communication between the browser and server
• HTTPS traffic operators can effectively prevent hijacking, prevent your site inexplicable pop ads

Helpless, "Do you want to migrate to HTTPS" problem, it becomes a "how to migrate to HTTPS" problem.

 

Request a certificate and configuration

I added a layer of Ali cloud server nginx, moving to HTTPS quite simple.

This reference document, a one-time fix

https://help.aliyun.com/document_detail/98728.html?spm=5176.2020520163.0.0.2c6bizEHizEHt6

The main steps:

• Request a free ssl certificate, only a year, not due to unknown charges.
• Download .pem certificate file, and .key key file, modify the name
• nginx / conf directory to build cert, put the certificate and key files
• Modify the file nginx.conf

# 开启443端口
# 以下属性中以ssl开头的属性代表与证书配置有关，其他属性请根据自己的需要进行配置。
server {
 listen 443 ssl;   #SSL协议访问端口号为443。此处如未添加ssl，可能会造成Nginx无法启动。
 server_name localhost;  #将localhost修改为您证书绑定的域名
 root html;
 index index.html index.htm;
 ssl_certificate cert/domain name.pem;   #将domain name.pem替换成您证书的文件名。
 ssl_certificate_key cert/domain name.key;   #将domain name.key替换成您证书的密钥文件名。
 ssl_session_timeout 5m;
 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;  #使用此加密套件。
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   #使用该协议进行配置。
 ssl_prefer_server_ciphers on;   
 location / {
  root html;   #站点目录。
  index index.html index.htm;   
 }
}     

• Nginx.conf save the configuration file, restart or reload nginx service
• Modify nginx configuration, so that the HTTP url, redirect to HTTPS

server {
 listen 80;
 server_name localhost;   #将localhost修改为您证书绑定的域名
 rewrite ^(.*)$ https://$host$1 permanent;   #将所有http请求通过rewrite重定向到https
 location / {
  index index.html index.htm;
 }
}

 

PS：

• Let's Encrypt can also apply for free certificates are of short duration, 90 days, to be updated regularly
• https://www.ssllabs.com/  can test the security level of the site

 

 

---

[Java interview questions and answers To arrange recommend

• Basic and Grammar
• set
• network programming
• Concurrent Programming
• Web
• Safety
• Design Patterns
• frame
• Algorithms and Data Structures
• abnormal
• File parsing and generation
• Linux
• MySQL
• Oracle
• Redis
• Dubbo