Process of installing and configuring an SSL certificate on an nginx server

Time: 2021-7-13

At present, most websites have changed from HTTP to HTTPS, although some have not. In fact, for Chinese websites, Lao Zuo thinks there is no problem with ordinary personal websites using HTTP, and sometimes indexing and speed are relatively fast. However, for a commercial or enterprise website, we must still install it for customers, so that the site appears trendy and professional, even if we know that installing it or not makes no real difference.

For example, there was an enterprise website on which Lao Zuo did not install it for the customer. The customer opened the site on a company computer and actually called to say that the browser reported it as unsafe, so he was angry. This does not pay for the installation of HTTPS encryption. Whatever you like. In this article, Lao Zuo simply records how to install an SSL certificate in an nginx server environment and how to access the website over HTTPS.

First, apply for the certificate

Applying for a certificate is simple. Some one-click install packages and web panels support free certificate applications, and common domain name registrars and hosts also offer free DV (domain-validated) certificates. For a corporate website, I will definitely not give them a free one. This one will be charged for later. If it later becomes known that we used a free one, it will be embarrassing.

For a personal website, the free one is fine. Buying a paid certificate is also OK; a year's cost is basically the cost of a domain name.

Second, merge the certificate

Whether we buy a certificate or use a free one, we need to merge the certificate files into a single CRT file. The other file is the key file. Prepare these two files.

Then I put the files in a directory I know. Generally, I put them in the directory /usr/local/nginx/conf/SSL.

Third, configure the certificate file

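# HTTPS on port 443 with HTTP/2
listen 443 ssl http2;
# Merged certificate (CRT) file and its private key
ssl_certificate /home/ssl/www.laozuo.org.crt;
ssl_certificate_key /home/ssl/www.laozuo.org.key;
# Accepted protocol versions (TLSv1 and TLSv1.1 are deprecated by RFC 8996)
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# Cipher suites, in server preference order
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
# Session resumption lifetime and cache
ssl_session_timeout 10m;
ssl_session_cache builtin:1000 shared:SSL:10m;
# Size of the buffer used for sending TLS data
ssl_buffer_size 1400;
# HSTS: browsers use HTTPS only for max-age seconds (about six months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;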

Add the directives above to the conf file of the corresponding site, adjusting them to the actual situation. It is better if the web environment generates this configuration automatically. If not, we need to add it manually.

After adding, we need to test the configuration:

nginx -t

Check whether an error is reported. If no error is reported, restarting nginx should basically be no problem.

The above is the process of installing and configuring a site SSL certificate on an nginx server to serve the site over HTTPS. Of course, in the end, we still need to set the HTTPS address for the site and replace the addresses in the theme and pages; only then does the green lock appear. Generally, it is easier to add SSL at the beginning and more troublesome to add it later.
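
The directives from the third step with the weak settings tightened, as an added example that is not part of the original article: TLS 1.0/1.1, 3DES and static-RSA key exchange are dropped, and the HSTS header is also sent on error responses. It assumes nginx 1.13.0 or later built with OpenSSL 1.1.1 or later (needed for TLSv1.3); the ssl_trusted_certificate path and the resolver address are placeholders.

```nginx
# Added example: hardened variant of the article's directives.
# Certificate and key paths are the article's; values marked
# "placeholder" are assumptions to replace with real ones.

listen 443 ssl http2;   # nginx 1.25.1+ prefers "listen 443 ssl;" plus "http2 on;"

ssl_certificate     /home/ssl/www.laozuo.org.crt;   # merged file: site cert first, then intermediates
ssl_certificate_key /home/ssl/www.laozuo.org.key;   # keep readable by root only

# Before: ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# TLS 1.0 and 1.1 are deprecated by RFC 8996.
ssl_protocols TLSv1.2 TLSv1.3;

# Before: the list ended in RSA+AES128, RSA+AES256, EECDH+3DES, RSA+3DES.
# Keep only forward-secret ECDHE key exchange with AEAD ciphers; this
# drops 3DES (64-bit block, Sweet32) and static-RSA key exchange.
# ssl_ciphers applies to TLS 1.2 and below; TLS 1.3 suites use OpenSSL defaults.
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers on;

ssl_session_timeout 10m;
# Before: builtin:1000 shared:SSL:10m; the shared cache alone is sufficient.
ssl_session_cache shared:SSL:10m;
ssl_buffer_size 1400;

# Before: no "always", so the header was not sent on 4xx/5xx responses.
add_header Strict-Transport-Security "max-age=15768000" always;

# OCSP stapling: verifying responses needs the issuer chain, and fetching
# them needs a DNS resolver for the OCSP responder's hostname.
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /home/ssl/chain.pem;   # placeholder path: intermediate + root CA certs
resolver 192.0.2.53 valid=300s;                # placeholder address: your DNS resolver
resolver_timeout 5s;
```

Run nginx -t again after changing these directives, before restarting nginx.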

The original text comes from:https://www.laozuo.org/17452….Reprint notes.
