One , Environmental description

Server system :ubuntu16.04LTS

The server IP address :47.89.12.99

domain name :bjubi.com

Two , Domain name resolution to server

On Alibaba cloud console - Products and services - Cloud analysis DNS- Find the domain name point to resolve “ analysis ”, Enter the analysis page and select 【 Add resolution 】 The button will pop up the following page :

Host record here @, The record value is the server ip address , confirm .



Three , apply ca certificate

On Alibaba cloud console - Products and services - security ( Yundun )-CA Certificate Services ( data security ), Click to buy certificate ,



choice “ Free Edition DV SSL”, Click buy now :



Then click to pay :



Final confirmation of payment :



It will return to the management interface :



click “ completion ”, Enter domain name to resolve , Click Next :

explain : Because we are applying for the free certificate of development version here , So a certificate only supports one domain name authentication , Wildcards are not supported .



Wait a few minutes , Certificate status changes to “ Issued ” after , The certificate was applied successfully .

Four , Download certificate

Issued certificate found in list , download :



Go to download page , find ngin In tab nginx configuration information , and “ Download certificate for Nginx”:



Record the following , For later configuration nginx use :



There are two downloaded files :

1,214292799730473.pem

2,214292799730473.key

Five , Server installation , to configure nginx

Log in to the server :
$ apt-get update // Update software $ apt-get install nginx // install nginx
Six , to configure ca certificate

1,nginx The installation directory of is :/etc/nginx/. Enter directory , increase cert/ folder , Upload the two files you just downloaded to cert/ Folder .

2, stay /etc/nginx/sites-enabled/ lower , increase bjubi.com file . The content is as follows :


explain : The following configuration is true 443 Ports and 80 Port for listening ,443 Port to enable ssl. monitor 443 Of port server The configuration can follow the above ca Of the authentication page nginx Configuration example for configuration .

root Node the author created a bjubi.com/ Folder for , Specially store requests from this domain name to distinguish .

bjubi.com/ Add one under folder index.html file , There's only one line in it <h1>welcome.
server { listen 443; server_name bjubi.com; // Your domain name ssl on; root
/var/www/bjubi.com;// Front desk file storage folder , Can be changed to something else index index.html index.htm;//
In the folder configured above index.html ssl_certificate cert/214292799730473.pem;// Change to the name of your certificate
ssl_certificate_key cert/214292799730473.key;// The name of your certificate ssl_session_timeout
5m; ssl_ciphers ECDHE
-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / {
index index.html index.htm; } } server { listen80; server_name bjubi.com;// Your domain name
rewrite ^(.*)$ https://$host$1 permanent;// hold http Domain name request to https }
After configuration , Check it out nginx Is the profile available , Yes successful Indicates available .
$ nginx -t // inspect nginx configuration file
After the configuration is correct , Reload configuration file for configuration to take effect :
$ nginx -s reload // Make configuration effective
thus ,nginx Of https The visit is complete , And through rewrite Way to put all http The request turned into https request , More secure .

To restart nginx, Use the following command :
$ service nginx stop // stop it $ service nginx start // start-up $ service nginx restart
// restart
Seven , Access effect

input http:bjubi.com It will also automatically jump to https page .

explain : If it's a cloud server, like alicloud ECS, Need to go to Alibaba cloud ECS Manage security groups in the background for , Modify the port filter rule 80 Ports and 443 Open port to access .