Of Stack

Example of nginx Configuring ssl to Implement https

  • 2021-10-11 20:02:41
  • OfStack

Environmental description

Server system: Ubuntu 18.04 64-bit
nginx: 1.14

This article mainly records the steps of configuring https, so it will not introduce the relevant details of applying for ca certificate

Free ssl certificate: https://cloud.tencent.com/act/pro/ssl

I am the domain name of Western Digital, and I applied for the certificate in Tencent Cloud

After applying for the certificate and issuing it, download the certificate to the local area first

1. Install nginx 


$ apt-get update //  Update software 
$ apt-get install nginx //  Installation nginx

2. Configure ca certificate

2.1 The installation directory of nginx is/etc/nginx/. Enter this directory, add the cert folder, and upload the two files just downloaded to the cert folder

2.2 Add a configuration file of blog. conf under the/etc/nginx/conf. d/folder with any name. nginx will read all the configuration files in conf. d/folder

2.3 Copy the following configuration information into the blog. conf file 


server {
 listen 443;
 server_name xiaoxina.cc; //  Your domain name 
 ssl on;
 root /var/lib/jenkins/workspace/blog; //  Your Website Source Directory 
 index index.html index.htm;
 ssl_certificate /etc/nginx/cert/xiaoxina.cc.crt; //  Certificate address 
 ssl_certificate_key /etc/nginx/cert/xiaoxina.cc.key; //  Certificate address 
 ssl_session_timeout 10m;
 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_prefer_server_ciphers on;
 ssl_session_cache builtin:1000 shared:SSL:10m;
 ssl_buffer_size 1400;
 add_header Strict-Transport-Security max-age=15768000;
 ssl_stapling on;
 ssl_stapling_verify on;
 location / {
  index index.html index.htm;
 }
}

server {
 listen 80;
 server_name xiaoxina.cc; //  Your domain name 
 rewrite ^(.*)$ https://$host$1 permanent;
}

After the configuration is completed, check whether the nginx configuration file under 1 is available. If successful appears, the configuration is correct 


$ nginx -t

After the configuration is correct, reload the configuration file for the configuration to take effect: 


$ service nginx reload
Related articles: