How to make your website use HTTPS like mine?

Serving our website over HTTPS not only increases its security, but also makes the site look more impressive! I have some experience setting up SSL and a CDN for websites, and I'd like to share it with you here. I hope it helps!

Step 1: Purchase an SSL certificate

Open alicloud > products and services > SSL certificate

Step 2: Verify the domain name

After the purchase succeeds, we need to verify that we own the domain name, so we add a DNS record for it:

  • Record type: TXT
  • Host record: hub.fengwenyi.com
  • Record value: fill in the record value in the form here

Click Save. Then click Verify on the domain verification page.

Step 3: Download the certificate

Although the domain name has passed verification, the certificate we applied for still needs some time to be reviewed.

At this point, we need to download the certificate.

Step 4: Configuration

Note that we use Nginx here.

So we upload the downloaded certificate to the .../nginx/config/cert directory on the server.

Then we configure Nginx.

  • listen 443 ssl;  # The SSL access port is 443. If ssl is not added here, Nginx may fail to start.
  • server_name hub.fengwenyi.com;  # The domain name bound to your certificate.
  • ssl_certificate cert/hub.fengwenyi.com.pem;  # Replace hub.fengwenyi.com.pem with the file name of your certificate.
  • ssl_certificate_key cert/hub.fengwenyi.com.key;  # Replace hub.fengwenyi.com.key with the file name of your certificate's key.
  • ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;  # The cipher suites to use.
  • ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  # The protocol versions to enable.

Then, requests that arrive on port 80 are redirected here as well:

  • rewrite ^(.*)$ https://$host$1 permanent;  # Redirect all HTTP requests to HTTPS through rewrite.

The complete configuration of Nginx is as follows:


#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen 80;
        server_name hub.fengwenyi.com;   # Change localhost to the domain name bound to your certificate, for example: www.example.com.
        rewrite ^(.*)$ https://$host$1 permanent;   # Redirect all HTTP requests to HTTPS through rewrite.
        location / {
            proxy_pass http://localhost:5000/;
        }
    }

    server {
        listen 443 ssl;   # The SSL access port is 443. If ssl is not added here, Nginx may fail to start.
        server_name hub.fengwenyi.com;   # The domain name bound to your certificate.
        ssl_certificate cert/hub.fengwenyi.com.pem;   # Replace hub.fengwenyi.com.pem with the file name of your certificate.
        ssl_certificate_key cert/hub.fengwenyi.com.key;   # Replace hub.fengwenyi.com.key with the file name of your certificate's key.
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;   # The cipher suites to use.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   # The protocol versions to enable.
        ssl_prefer_server_ciphers on;

        location / {
            proxy_pass http://localhost:5000/;
        }
    }
}
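
A hardened variant of the two server blocks above, as an added example that is not part of the original post: it keeps the post's domain, certificate paths and backend, and everything else is an assumption about a current setup (Nginx built against OpenSSL 1.1.1 or later, which TLS 1.3 requires). TLS 1.0 and 1.1 were formally deprecated by RFC 8996, and the broad ECDHE:ECDH:AES:HIGH groups also admit CBC-mode and non-forward-secret suites, so this version enables only TLS 1.2/1.3 with ECDHE AEAD suites and adds HSTS.

```nginx
# Added example: replaces the two server blocks inside http { }.
# Domain, certificate paths and backend come from the post; the rest is assumed.

server {
    listen 80;
    server_name hub.fengwenyi.com;
    # Redirect to the literal host name rather than $host, so a forged Host
    # header cannot steer the redirect; $request_uri keeps path and query.
    return 301 https://hub.fengwenyi.com$request_uri;
}

server {
    listen 443 ssl;
    server_name hub.fengwenyi.com;

    ssl_certificate     cert/hub.fengwenyi.com.pem;
    ssl_certificate_key cert/hub.fengwenyi.com.key;

    # Weak (original): ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_protocols TLSv1.2 TLSv1.3;

    # Weak (original): ...:ECDHE:ECDH:AES:HIGH:... (matches CBC and RSA key exchange)
    # This list applies to TLS 1.2; TLS 1.3 suites are selected by OpenSSL.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    ssl_session_timeout 5m;
    ssl_session_cache   shared:SSL:10m;   # share the session cache across workers
    ssl_session_tickets off;              # no long-lived ticket keys on disk or in memory

    # HSTS: browsers refuse plain HTTP for this host for one year.
    # Enable only once everything on this host works over HTTPS.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://localhost:5000/;
        # Tell the backend which host and scheme the client actually used.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    }
}
```

Check the edited file with `./nginx -t` before reloading.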

Restart Nginx

./nginx -s reload

Preview

By the time these steps are done, the SSL certificate review is nearly complete.

Without further ado, let's visit the site directly!

https://hub.fengwenyi.com

Personal website

https://www.fengwenyi.com

Tags: Programming SSL Nginx

Posted on Thu, 21 May 2020 09:30:30 -0700 by tofi84