Serving our site over HTTPS not only increases its security, it also raises the site's standing! I have some experience in setting up SSL services and CDN for websites, so I am sharing it here. I hope it helps anyone who needs it!
Step 1 Purchase an SSL certificate
Open Ali Cloud > Products and Services > SSL certificate
Step 2 Verify the domain name
After the purchase succeeds, we need to verify our domain name, so we add a DNS record for it:
- Record type: TXT
- Host record: hub.fengwenyi.com
- Record value: fill in the record value from the table here
Click Save. Then click Verify on the domain verification page.
Step 3 Download the certificate
Although the domain name has been verified, the certificate we applied for still needs a period of review.
After that, we download the certificate.
Step 4 Configuration
Note that we are using Nginx.
So we upload the downloaded certificate to the …/nginx/config/cert directory on the server.
Then let's configure Nginx.
- listen 443 ssl; # The SSL access port number is 443. If ssl is not added, Nginx may fail to start.
- server_name hub.fengwenyi.com; # Your domain name (the one bound to the certificate).
- ssl_certificate cert/hub.fengwenyi.com.pem; # Replace hub.fengwenyi.com.pem with the file name of your certificate.
- ssl_certificate_key cert/hub.fengwenyi.com.key; # Replace hub.fengwenyi.com.key with the key file name of your certificate.
- ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; # Use this cipher suite list.
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Use these protocols.
Then we also redirect to HTTPS when port 80 is accessed:
- rewrite ^(.*)$ https://$host$1 permanent; # Redirect all HTTP requests to HTTPS via rewrite.
Nginx is configured as follows:
    #user  nobody;
    worker_processes  1;

    #error_log  logs/error.log;
    #error_log  logs/error.log  notice;
    #error_log  logs/error.log  info;

    #pid        logs/nginx.pid;

    events {
        worker_connections  1024;
    }

    http {
        include       mime.types;
        default_type  application/octet-stream;

        #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
        #                  '$status $body_bytes_sent "$http_referer" '
        #                  '"$http_user_agent" "$http_x_forwarded_for"';

        #access_log  logs/access.log  main;

        sendfile        on;
        #tcp_nopush     on;

        #keepalive_timeout  0;
        keepalive_timeout  65;

        #gzip  on;

        server {
            listen 80;
            # Change localhost to the domain name bound to your certificate, for example, www.example.com.
            server_name hub.fengwenyi.com;
            # Redirect all HTTP requests to HTTPS via rewrite.
            rewrite ^(.*)$ https://$host$1 permanent;
            location / {
                proxy_pass http://localhost:5000/;
            }
        }

        server {
            # The SSL access port number is 443. If ssl is not added, Nginx may fail to start.
            listen 443 ssl;
            # Your domain name (the one bound to the certificate).
            server_name hub.fengwenyi.com;
            # Replace hub.fengwenyi.com.pem with the file name of your certificate.
            ssl_certificate cert/hub.fengwenyi.com.pem;
            # Replace hub.fengwenyi.com.key with the key file name of your certificate.
            ssl_certificate_key cert/hub.fengwenyi.com.key;
            ssl_session_timeout 5m;
            # Use this cipher suite list.
            ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
            # Use these protocols. TLSv1 and TLSv1.1 are deprecated (RFC 8996);
            # remove them unless old clients still need them.
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_prefer_server_ciphers on;
            location / {
                proxy_pass http://localhost:5000/;
            }
        }
    }
Reload Nginx
./nginx -s reload
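As an added example (not part of the original post), here is a small Python check for the settings configured above: it confirms that the port 443 listener carries ssl and both certificate directives, flags deprecated protocol versions, and confirms that the port 80 server redirects to HTTPS. The function names and the embedded sample are assumptions made for this example, and the parser only handles simple server blocks like the ones on this page.

```python
import re
SAMPLE_CONF = """# Constructed sample: this page's two server blocks, trimmed.
server {
    listen 80;
    server_name hub.fengwenyi.com;
    rewrite ^(.*)$ https://$host$1 permanent;
}
server {
    listen 443 ssl;
    server_name hub.fengwenyi.com;
    ssl_certificate cert/hub.fengwenyi.com.pem;
    ssl_certificate_key cert/hub.fengwenyi.com.key;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / { proxy_pass http://localhost:5000/; }
}
"""
DEPRECATED = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1")  # TLS 1.0/1.1: RFC 8996

def server_blocks(conf):
    """Yield {directive: [argument lists]} per server block (hypothetical helper)."""
    conf = re.sub(r"#.*", "", conf)                           # drop comments
    conf = re.sub(r"\blocation\b[^{}]*\{[^{}]*\}", "", conf)  # drop location blocks
    for body in re.findall(r"\bserver\s*\{([^{}]*)\}", conf):
        block = {}
        for stmt in body.split(";"):
            words = stmt.split()
            if words:
                block.setdefault(words[0], []).append(words[1:])
        yield block

def audit(conf):
    """Return (server_name, finding) pairs for the settings this page configures."""
    out = []
    for b in server_blocks(conf):
        name = " ".join(b.get("server_name", [["?"]])[0])
        listens = b.get("listen", [])
        if any(a and a[0].endswith("443") and "ssl" not in a for a in listens):
            out.append((name, "listen 443 without the ssl parameter"))
        if any("ssl" in a for a in listens):  # TLS listener
            out += [(name, "missing " + d) for d in ("ssl_certificate", "ssl_certificate_key") if d not in b]
            old = [p for a in b.get("ssl_protocols", []) for p in a if p in DEPRECATED]
            if old:
                out.append((name, "deprecated protocols enabled: " + " ".join(old)))
        else:  # plain HTTP listener: expect a rewrite/return pointing at https://
            targets = [w for d in ("rewrite", "return") for a in b.get(d, []) for w in a]
            if not any(w.startswith("https://") for w in targets):
                out.append((name, "plain-HTTP server without an HTTPS redirect"))
    return out
```

Calling `audit(SAMPLE_CONF)` reports only the deprecated TLSv1 and TLSv1.1 entries for hub.fengwenyi.com; the redirect and certificate checks pass.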
Preview
By the time these steps are done, the SSL certificate review is almost complete.
Enough talk, let's go straight to visiting the site!
hub.fengwenyi.com
Personal website
www.fengwenyi.com