At present, most of our websites have changed from HTTP to HTTPS. Of course, some websites have not changed. In fact, in Chinese websites, Lao Zuo thinks that there is no problem for ordinary personal websites to use HTTP, and sometimes the collection and speed are relatively fast. However, if we are a commercial website or enterprise website, you must still give it to customers, so as to appear trendy and professional. Even if we know that it is useless to install it or not.
For example, there was an enterprise website that Lao Zuo didn’t install for the customer. The customer opened it on the company’s computer and actually called to tell the browser that it was unsafe, so he was angry. This does not pay for the installation of HTTPS encryption. Whatever you like. In this article, Lao Zuo simply records the installation of SSL Certificate in nginx server environment, and the method of accessing website with HTTPS encryption.
First, apply for certificate
The application for a certificate is simple. Some of our one click package environment or web panel support free certificate application. Or our common domain name registrars and hosts also have free DV domain name certificate applications. If we are a corporate website, I will definitely not give them a free one. This one will be charged later. If we are known to use a free one later, it will be embarrassing.
If we are a personal website, you can use the free one. Or buy pay certificate is OK, basically a year’s cost is a domain name cost.
Second, the merger certificate
If we buy a certificate or a free certificate, what does it look like. We need to merge them into CRT files. One is the key file. Then prepare these two documents.
Then I drop the file to the directory I know. Generally, I put it in the directory of / usr / local / nginx / conf / SSL.
Third, configure the certificate file
listen 443 ssl http2;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache builtin:1000 shared:SSL:10m;
add_header Strict-Transport-Security max-age=15768000;
Add the above file to the conf file of the corresponding site. The actual situation shall prevail. It’s better if we generate it automatically when we have web environment support configuration. If not, we need to receive the addition.
After adding, we need to debug
Check whether an error is reported. If no error is reported, there is basically no problem restarting nginx.
The above is the process of configuring and installing site SSL Certificate in nginx server to realize our site HTTPS. Of course, in the end, we need to set the HTTPS address for the site, replace the theme and page, and then only green lock. Generally, it’s easier for us to add it at the beginning, and it’s more troublesome to add SSL later.
The original text comes from:https://www.laozuo.org/17452….Reprint notes.