Foreword
After buying the domain name server and really do whatever they want, they find their own websites always prompt unsafe, so I think to get a certificate. Tencent has just certificate free application on the cloud, so you get one.
Request a certificate
My certificate is Tencent cloud applications quickly is also very convenient, specifically how to operate, not to say. After downloading the application better.
After extracting obtain the following documents
Upgrade nginx
I found on my last nginx server actually installed the 1.6.2 version is too low and does not support ssl. Ssl support requires nginx 1.10.1 above. So I directly upgrade to version 1.16.1 up.
Upgrading is simple, unzip the downloaded installation package.
tar -zxvf nginx-1.16.1.tar.gz
cd nginx-1.16.1
#重新添加这个ssl模块
./configure --with-http_ssl_module
make
Do not make install. Nginx command will copy past it.
cp objs/nginx /usr/local/nginx/sbin/nginx
update successed.
Configure certificates
We increase the allocation in the nginx.conf
server {
#SSL 访问端口号为 443
listen 443 ssl;
#填写绑定证书的域名
server_name quellanan.xyz/;
#证书文件名称
ssl_certificate 1_quellanan.xyz_bundle.crt;
#私钥文件名称
ssl_certificate_key 2_quellanan.xyz.key;
ssl_session_timeout 5m;
#请按照以下协议配置
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
#网站主页路径。此路径仅供参考,具体请您按照实际目录操作。
root /var/www/hexo;
index index.php index.html index.htm default.php default.htm default.html;
}
}
But also increase the map a port 80.
server {
listen 80;
server_name quellanan.xyz;
rewrite ^/(.*)$ https://quellanan.xyz:443/$1 permanent;
}
Thus configured, restart nginx service, but can not find https access, get a night did not come out.
Details may be found in this issue:
Tencent cloud configured ssl certificate, the browser can not access?