Example of nginx Configuring ssl to Implement https
- 2021-10-11 20:02:41
- OfStack
Environmental description
Server system: Ubuntu 18.04 64-bit
nginx: 1.14
This article mainly records the steps of configuring https, so it will not introduce the relevant details of applying for ca certificate
Free ssl certificate: https://cloud.tencent.com/act/pro/ssl
I am the domain name of Western Digital, and I applied for the certificate in Tencent Cloud
After applying for the certificate and issuing it, download the certificate to the local area first
1. Install nginx
$ apt-get update // Update software
$ apt-get install nginx // Installation nginx
2. Configure ca certificate
2.1 The installation directory of nginx is/etc/nginx/. Enter this directory, add the cert folder, and upload the two files just downloaded to the cert folder
2.2 Add a configuration file of blog. conf under the/etc/nginx/conf. d/folder with any name. nginx will read all the configuration files in conf. d/folder
2.3 Copy the following configuration information into the blog. conf file
server {
listen 443;
server_name xiaoxina.cc; // Your domain name
ssl on;
root /var/lib/jenkins/workspace/blog; // Your Website Source Directory
index index.html index.htm;
ssl_certificate /etc/nginx/cert/xiaoxina.cc.crt; // Certificate address
ssl_certificate_key /etc/nginx/cert/xiaoxina.cc.key; // Certificate address
ssl_session_timeout 10m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_buffer_size 1400;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
location / {
index index.html index.htm;
}
}
server {
listen 80;
server_name xiaoxina.cc; // Your domain name
rewrite ^(.*)$ https://$host$1 permanent;
}
After the configuration is completed, check whether the nginx configuration file under 1 is available. If successful appears, the configuration is correct
$ nginx -t
After the configuration is correct, reload the configuration file for the configuration to take effect:
$ service nginx reload