First, the difference between HTTPS and HTTP
1, https
the agreement needs to ca
apply for a certificate, generally less free certificates, thus requiring a fee.
2, http
hypertext transfer protocol, information is transmitted in the clear, https
it is encrypted with ssl security transmission protocol.
3, http
and https
use is completely different connections, with the port are not the same, the former is 80, which is 443.
4, http
the connection is very simple, is stateless; HTTPS
protocol is a SSL+HTTP
protocol for encrypted transmission may be constructed, a network authentication protocol, than http
protocol security.
Second, how to set up SSL certificates
1, because my server is Tencent, Tencent cloud so enter the official website to find safety SSL证书管理
, as shown:
Click the Free Application for Certificate button, enter the next step:
Select the free version, click OK, the next step:
Fill in the appropriate information, click Next:
Select manual verification, click to confirm your request to enter the details of the application:
2, binding domain
due to my domain name is Ali cloud, so Ali cloud into the console, find the domain name, and then click the button to parse into the parsing, as the operation can be:
Upon completion, the local terminal opens ping oranges.***.***
, if you see the server address, indicating successfully resolved.
Then wait a few minutes on Tencent cloud, refresh the list of certificates, you will find that the certificate has been reviewed by clicking download, download nginx
version locally, you can extract.
3, configure the server certificate
through ssh
on even the server, create a folder in the root directory opt/nginx
.
Then use transmit
or filezilla
upload the extracted files to the above directory. If the upload process does not have permission, please folder permissions to the corresponding file.
The last configuration nginx
, cd /etc/nginx/sites-available
change the configuration file as follows:
server {
listen 80;
server_name oranges.holyzq.com;
server_tokens off;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
ssl on;
ssl_certificate /opt/nginx/orange.crt;
ssl_certificate_key /opt/nginx/orange.key;
root /var/www/orange/public;
index index.html index.htm index.php index.nginx-debian.html;
server_name oranges.holyzq.com;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ .php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
}
}
Attach a complete screenshots:
Restart the Nginx
service, service nginx restart
so far, all operations have been completed, browser access:
Well Done !!!