This is a no-nonsense, easy-to-use, 5-minute tutorial on getting your website ready for Https.
Applying for an SSL Certificate
To start the configuration, first we need to have an SSL certificate, either free or charged, depending on how you like it. You can apply for a certificate from any certificate provider, aliyun for example.
Open the Aliyun SSL Certificate console and click Buy Certificate
Select the free one-year certificate and click buy now
Special attention, do not forget to reapply for the certificate after 1 year expires!
pay
Don’t worry, pay boldly, no money!
Verifying the SSL Certificate
When the purchase is complete, return to the SSL Certificate console and you should see the certificate you just purchased. We click apply.
Fill in the domain name (it must be your own or administrated domain) and the relevant information, then click Next.
Note that the free certificate only supports a single domain name! For example, to apply for a certificate for www.example.com, you must fill in www.example.com, not example.com.
Configure authentication information provided by Aliyun on the DNS service provider.
For example, DNSPod, fill in the host record, record value and record type, and click Save.
Wait patiently for the TTL to refresh (usually 10 minutes or less).
Go back to the Aliyun SSL certificate application page and click Verify.
Issued the domain name
Once verified, the certificate provider will issue a certificate for your domain name. The SSL certificate corresponding to your domain name can be found in the issued list of aliyun SSL Certificate Console.
Download the certificate
Download the SSL certificate xx_nginx.zip corresponding to Nginx and prepare to configure Nginx.
Configure Nginx
1. Upload the certificate
$sudo mkdir/etc/nginx/certs $sudo CD/etc/nginx/certs # # upload your certificate now directory $sudo ls -l DRWXR xr - 4096 Jul 24 x 2 root root 17:15 ./ drwxr-xr-x 7 root root 4096 Jul 24 17:15 .. / -rw-r--r-- 1 root root 4053 Jul 24 16:49 xx_nginx.zip $ sudo unzip xx_nginx.zip $ sudo ls -l -rw-r--r-- 1 root root 1679 Jul 24 16:48 xx.key ## ssl cert key -rw-r--r-- 1 root root 3667 Jul 24 16:48 xx.pem ## ssl certCopy the codeWith everything in place, it’s time to start modifying our Nginx configuration file.
Modify theNginxThe configuration file
Changing Http to Https is as simple as changing one thing and adding some code.
- will
listen 80;Modified tolisten 443; - in
serverBlock to add the following code
ssl on;
ssl_certificate certs/xx.pem;
ssl_certificate_key certs/xx.key;
ssl_session_timeout 5m;
Copy the codeAfter the modification, restart Nginx
sudo service nginx reload
sudo service nginx restart
Copy the codeOk, use Https to access your website.
HttpForced toHttps
Note that after the above changes, you can only access using Https, but you don’t want a 404 when you use Http. Then, we can simply forward the user on port 80 to port 443 to achieve both Http and Https.
Add to the Nginx configuration file
server {
listen 80;
server_name xx.xx.com;
return 301 https://$server_name$request_uri;
}
Copy the codeRestart the Nginx
sudo service nginx reload
sudo service nginx restart
Copy the codeIf this blog has been helpful to you, please remember to leave a comment + like + bookmark.
I am Chen, on the road of technology we forge ahead together!