HTTP requests are sent in plaintext, so the domain name, path, and parameters are clearly visible to a man in the middle. Open an HTTP site in Google Chrome and you will see that Chrome marks the site as unsafe to the left of the URL. Google is encouraging all websites to use HTTPS, and with major players taking security and user privacy seriously, it's time to take a look at HTTPS.

After Google Chrome version V68.0.3440.75, when loading non-HTTPS sites, the address bar is marked as "Not Secure". This is more than just a label; it reflects the security of the information, so HTTPS is becoming more and more important. However, HTTPS certificates are expensive, and many people feel they can't afford them. Many large technology companies now offer free certificates, for example Alibaba Cloud, Tencent Cloud, and Let's Encrypt. These certificates do have a validity period, usually a year or so, but that is enough for personal use and they are easy to apply for.

The following explains in detail how to get an Alibaba Cloud certificate for free. Without further ado, let's get straight to it.

What you need to prepare

  • Register an Alibaba Cloud account if you do not already have one.
  • Have your own domain name. (Mine is blog.ydydydq.cn, which has also completed ICP filing, hey hey.)
  • Nginx is installed on the server. Alibaba Cloud verifies the domain name first, and then we configure the HTTPS-related settings.

The main event

1. Apply for the free Alibaba Cloud certificate

  • Enter SSL in the search field

  • Select Certificates

  • Select single domain name, DV domain-level SSL, free version. The price shown at the bottom is 0.00 yuan. Click Buy.

  • After the payment succeeds, a prompt is shown. After the purchase, we can go to the certificate console to apply for the certificate.

  • Click Apply certificate

  • A panel pops up on the right. Fill in the corresponding information and click Next.

  • Click to download the validation file (don't close the page, because we need to come back later and click the verify button). Unzip it to get a fileauth.txt file.

2. Verify the domain name

  • Validation is performed against our server. In the site root directory, create the two nested folders ".well-known/pki-validation" and upload the fileauth.txt file there. (Shortcut to show hidden files on Windows: Ctrl+Alt+H; on Mac: Command+Shift+.)

  • Go to the Nginx configuration file, set the root path, and restart Nginx. Then go back to the web page and click the "Verify" button. If verification fails, check the Nginx configuration carefully. If it still fails, please leave me a message.

3. Download the certificate, upload the certificate to the server, and configure Nginx

  • Once verification passes, we can download the corresponding certificate from the web page. Unzip the downloaded package to get two files, one ending in .key and one ending in .pem.

  • Put these two files anywhere on the server and fill in the corresponding paths in the Nginx configuration.

  • The last step is to configure Nginx, mainly port 443, and then restart Nginx
```nginx
server {
    listen 443 ssl;
    server_name blog.ydydydq.cn;
    # "ssl on;" is dropped: "listen 443 ssl" already enables TLS, and the
    # directive is deprecated since nginx 1.15.0.
    ssl_certificate /etc/nginx/conf/xxxxxx.pem;      # digital certificate path
    ssl_certificate_key /etc/nginx/conf/xxxxxx.key;  # private key path
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        root /home/blog-ui;
        index index.html index.htm;
    }
}
```
  • The site that was originally accessed over HTTP at blog.ydydydq.cn/ is now accessible over HTTPS at blog.ydydydq.cn/. OK, that's it, time to celebrate ~

Pitfalls

Pitfall one

After I completed the steps above, this is what I saw the first time I accessed blog.ydydydq.cn/. All right, the API calls were all down, every one of them red. All of the blog's API requests originally went to port 8026 and the source code had not been touched. So much for a smooth upgrade through Nginx configuration? Em… The main reason is that HTTP requests cannot be sent from a page served over HTTPS; the browser blocks them as mixed content. The fix is easy: forward all API requests through Nginx. First I prefixed all API paths with /api, which marks a request as an API call. Then I changed the Nginx configuration as follows:

```nginx
server {
    listen 443 ssl;
    server_name blog.ydydydq.cn;
    # "ssl on;" is dropped: "listen 443 ssl" already enables TLS, and the
    # directive is deprecated since nginx 1.15.0.
    ssl_certificate /etc/nginx/conf/xxxxxx.pem;      # digital certificate path
    ssl_certificate_key /etc/nginx/conf/xxxxxx.key;  # private key path
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        root /home/blog-ui;
        index index.html index.htm;
    }

    # Forward the backend API. Because proxy_pass ends with a slash,
    # /api/foo reaches the backend as /foo.
    location /api/ {
        proxy_pass http://blog.ydydydq.cn:8026/;
    }
}
```

Restart Nginx and visit blog.ydydydq.cn/ again. Em… OK, the API works normally. Success, ha ha ~
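
The failure in pitfall one is the browser's mixed-content rule. As an added example (not code from the original post), this Python script scans a page for http:// references that stop working once the site is served over HTTPS and maps backend URLs to the /api/ path proxied by Nginx. The sample page, the /article/list endpoint, and the function names are assumptions.

```python
import re
from html.parser import HTMLParser

# On an https:// page, browsers block http:// loads for these tags outright ...
BLOCKED = {"script": "src", "iframe": "src", "link": "href"}
# ... and try to upgrade these media loads to https:// instead.
UPGRADEABLE = {"img": "src", "audio": "src", "video": "src", "source": "src"}
# Heuristic for URLs in inline JavaScript; fetch()/XHR to http:// is blocked.
JS_HTTP_URL = re.compile(r"""["'`](http://[^"'`\s]+)""")

class MixedContentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []          # (kind, url) tuples in document order
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        self._in_script = tag == "script" and "src" not in attrs
        for table, kind in ((BLOCKED, "blocked"), (UPGRADEABLE, "upgradeable")):
            url = attrs.get(table.get(tag, ""), "") or ""
            if url.lower().startswith("http://"):
                self.findings.append((kind, url))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.findings += [("blocked", u) for u in JS_HTTP_URL.findall(data)]

def scan(html):
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

def to_proxied_path(url, backend="http://blog.ydydydq.cn:8026/", prefix="/api/"):
    """Rewrite a backend URL to the same-origin path served by `location /api/`."""
    return prefix + url[len(backend):] if url.startswith(backend) else url

# Constructed sample page; the /article/list endpoint and file names are hypothetical.
SAMPLE = """<link rel="stylesheet" href="https://blog.ydydydq.cn/app.css">
<img src="http://blog.ydydydq.cn:8026/logo.png"><script src="/app.js"></script>
<script>fetch("http://blog.ydydydq.cn:8026/article/list").then(r => r.json());</script>"""

if __name__ == "__main__":
    print("\n".join(f"{k:12}{u} -> {to_proxied_path(u)}" for k, u in scan(SAMPLE)))
```

Every "blocked" finding has to be changed to a same-origin path such as /api/article/list before the page works over HTTPS.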

PS: This is a beginner's first post and the writing is not great, so I hope the experts will go easy on me. I am only here to join in.