One, Environmental description

Server system:ubuntu16.04LTS

The serverIP address:


Two, Domain name resolution to server

On Alibaba cloud console- Products and services- Cloud parsingDNS- Find the domain name point to resolve“ analysis”, Enter the analysis page and select【 Add parse】 The button will pop up the following page:

Host record [email protected], The record value is the serverip address, confirm.

Three, Applyca certificate

On Alibaba cloud console- Products and services- security( Cloud shield)-CA Certificate service( data security), Click to purchase certificate,

Choice“ Free EditionDV SSL”, Click buy now:

Then click to pay:

Final confirmation of payment:

It will return to the management interface:

click“ completion”, Enter domain name to resolve, Next step:

Explain: Because we are applying for the free certificate of development version here, So a certificate only supports one domain name authentication, Wildcards are not supported.

Wait a few minutes, Certificate status changes to“ Issued” after, The certificate was applied successfully.

Four, Download certificate

Issued certificate found in list, download:

Go to download page, findngin Page signingnginx configuration information, and“ Download certificate for Nginx”:

Record the following, For later configurationnginx use:

There are two downloaded files:



Five, Server installation, To configurenginx

Log in to the server:
$ apt-get update // Update software $ apt-get install nginx // installnginx
Six, To configureca certificate

1,nginx The installation directory of is:/etc/nginx/. Entry directory, increasecert/ Folder, Upload the two files you just downloaded tocert/ Folder.

2, stay/etc/nginx/sites-enabled/ lower, file. The contents are as follows:

Explain: The following configuration is true443 Port and80 Port for listening,443 Port to enablessl. Monitor443 Portserver The configuration can follow the aboveca Of the authentication pagenginx Configuration example for configuration.

root Node the author created Folder, Specially store requests from this domain name to distinguish. Add one under folderindex.html file, There's only one line in it<h1>welcome.
server { listen 443; server_name; // Your domain name ssl on; root
/var/www/;// Front desk file storage folder, Can be changed to something else index index.html index.htm;//
In the folder configured aboveindex.html ssl_certificate cert/214292799730473.pem;// Change to the name of your certificate
ssl_certificate_key cert/214292799730473.key;// The name of your certificate ssl_session_timeout
5m; ssl_ciphers ECDHE
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / {
index index.html index.htm; } } server { listen80; server_name;// Your domain name
rewrite ^(.*)$ https://$host$1 permanent;// holdhttp Domain name request tohttps }
After configuration, Check it out.nginx Is the profile available, Yessuccessful Indicates availability.
$ nginx -t // inspectnginx configuration file
After the configuration is correct, Reload configuration file for configuration to take effect:
$ nginx -s reload // Make configuration effective
thus,nginx Ofhttps The visit is complete, And passrewrite Way to put allhttp The request turned intohttps request, More secure.

For restartnginx, Use the following command:
$ service nginx stop // Stop it $ service nginx start // start-up $ service nginx restart
// restart
Seven, Access effect It will also automatically jump tohttps page.

Explain: If it's a cloud server, like alicloudECS, Need to go to Alibaba cloudECS Manage security groups in the background for, Modify the port filter rule80 Port and443 Open port to access.