How to set up a Linux server SSL certificate to the project

Others 2020-03-17 20:20:53 views: null

First, the difference between HTTPS and HTTP

1, httpsthe agreement needs to caapply for a certificate, generally less free certificates, thus requiring a fee.
2, httphypertext transfer protocol, information is transmitted in the clear, httpsit is encrypted with ssl security transmission protocol.
3, httpand httpsuse is completely different connections, with the port are not the same, the former is 80, which is 443.
4, httpthe connection is very simple, is stateless; HTTPSprotocol is a SSL+HTTPprotocol for encrypted transmission may be constructed, a network authentication protocol, than httpprotocol security.

Second, how to set up SSL certificates

1, because my server is Tencent, Tencent cloud so enter the official website to find safety SSL证书管理, as shown:

Click the Free Application for Certificate button, enter the next step:

Select the free version, click OK, the next step:

Fill in the appropriate information, click Next:

Select manual verification, click to confirm your request to enter the details of the application:

2, binding domain
due to my domain name is Ali cloud, so Ali cloud into the console, find the domain name, and then click the button to parse into the parsing, as the operation can be:

Upon completion, the local terminal opens ping oranges.***.***, if you see the server address, indicating successfully resolved.

Then wait a few minutes on Tencent cloud, refresh the list of certificates, you will find that the certificate has been reviewed by clicking download, download nginxversion locally, you can extract.

3, configure the server certificate
through sshon even the server, create a folder in the root directory opt/nginx.
Then use transmitor filezillaupload the extracted files to the above directory. If the upload process does not have permission, please folder permissions to the corresponding file.
The last configuration nginx, cd /etc/nginx/sites-availablechange the configuration file as follows:

server {
		listen 80;
		server_name oranges.holyzq.com;
		server_tokens off;
		location / {
		  return 301 https://$host$request_uri;
		}
}

server {
       listen       443 ssl;
       ssl on;
       ssl_certificate       /opt/nginx/orange.crt;
       ssl_certificate_key    /opt/nginx/orange.key;
        
        root /var/www/orange/public;
        
        index index.html index.htm index.php index.nginx-debian.html;
        
        server_name oranges.holyzq.com;
        
        location / {
                try_files $uri $uri/ /index.php?$query_string;
        }
        
        location ~ .php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        }
}

Attach a complete screenshots:

Restart the Nginxservice, service nginx restart
so far, all operations have been completed, browser access:

Well Done !!!

huangdj321
Published 14 original articles · won praise 1 · views 95
Private letter concerns

Guess you like

Origin blog.csdn.net/huangdj321/article/details/104929418
Recommended
Ranking
Linux关机和重启详解(shutdown、halt、poweroff、reboot、init)
Netty work notes 0007---NIO's three core component relationships
Knife4j tutorial
2021.10.29,内容:什么时候用接口和抽象类
How to solve the problem that changing the memory frequency causes the computer to become unusable?
SpringMVC Tutorial - Controller
linux learning skills -Linux 25 transport Vega paid special privileges and facl extension
Financial quarterly report evaluation report data automatic generation 1.0
Agile Development Series - The Values of Agile Development
scrapy achieve browsercookie Middleware
Daily
More
2024-05-19(0)
2024-05-18(31)
2024-05-17(6)
2024-05-16(23)
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)

Code World

© 2018 codetd.com