Alibaba Cloud Nginx configures https to implement domain name access project (graphic tutorial)

Step 1: Sign a third-party trusted SSL certificate

You can apply for a free SSL certificate directly in Alibaba Cloud.

insert image description here

Log in to your Alibaba Cloud account, search for SSL in the search bar above, and click SSL Certificate (Application Security)

insert image description here

After arriving at this page, click Buy Certificate

insert image description here

Select the free SSL certificate as shown in the figure and click Pay

insert image description here

After payment is completed, jump to the console homepage and click Certificate Application

insert image description here

After filling out the certificate application form, click Next.

insert image description here

Click Verify and submit for review after verification is successful

insert image description here

After the review is passed, click the download button

insert image description here

Select Download next to nginx

insert image description here

After downloading and decompressing, you will get a .key and .pem file. At this point, our certificate application work has been completed. Now we can start configuring https

insert image description here

Step 2: Configure https

1. How to install nginx on centos can refer to this blog post: https://segmentfault.com/a/1190000018109309
2. After the installation is complete, find the directory where nginx.conf is located. My directory is: /etc/nginx
3. Create a new folder cert in this directory to store the key file
4. Click nginx.conf and configure ssl. **Note that I am using version 1.16 of nginx here. The configuration before 1.15 is different from this one! ! **Here is my configuration:

 server {
   listen 443 ssl http2; #Configure the default access port number for HTTPS to be 443. If the default access port for HTTPS is not configured here, Nginx may fail to start. For Nginx 1.15.0 or later, please use listen 443 ssl instead of listen 443 and ssl on.
   server_name www.example.xyz; #Change www.certificatestests.com to the domain name bound to your certificate, for example: www.example.com. If you purchased a wildcard domain name certificate, you need to change it to a wildcard domain name, for example: *.aliyun.com.
   root html;

   index index.html index.htm;
   ssl_certificate cert/cert.pem; #Replace domain name.pem with the file name of your certificate.
   ssl_certificate_key cert/cert.key; #Replace domain name.key with the key file name of your certificate.
   ssl_session_timeout 5m;
   ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #Use this encryption suite.
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #Use this protocol for configuration.
   ssl_prefer_server_ciphers on;  
 }

If it is nginx version before 1.15, it should be configured like this:

 listen 443; #Configure the default access port number for HTTPS to be 443. If the default access port for HTTPS is not configured here, Nginx may fail to start. For Nginx 1.15.0 or later, please use listen 443 ssl instead of listen 443 and ssl on.
   server_name www.example.xyz; #Change www.certificatestests.com to the domain name bound to your certificate, for example: www.example.com. If you purchased a wildcard domain name certificate, you need to change it to a wildcard domain name, for example: *.aliyun.com.
   root html;
   ssl on;
   index index.html index.htm;
   ssl_certificate cert/cert.pem; #Replace domain name.pem with the file name of your certificate.
   ssl_certificate_key cert/cert.key; #Replace domain name.key with the key file name of your certificate.
   ssl_session_timeout 5m;
   ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #Use this encryption suite.
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #Use this protocol for configuration.
   ssl_prefer_server_ciphers on;  
 }

5. Configure the reverse proxy to let the default port (usually 80) proxy the port 8080 of our project, that is, we can access the port 8080 by accessing the port 80

server {
   listen 443 ssl http2; #Configure the default access port number for HTTPS to be 443. If the default access port for HTTPS is not configured here, Nginx may fail to start. For Nginx 1.15.0 or later, please use listen 443 ssl instead of listen 443 and ssl on.
   server_name www.example.xyz; #Change www.certificatestests.com to the domain name bound to your certificate, for example: www.example.com. If you purchased a wildcard domain name certificate, you need to change it to a wildcard domain name, for example: *.aliyun.com.
   root html;

   index index.html index.htm;
   ssl_certificate cert/cert.pem; #Replace domain name.pem with the file name of your certificate.
   ssl_certificate_key cert/cert.key; #Replace domain name.key with the key file name of your certificate.
   ssl_session_timeout 5m;
   ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #Use this encryption suite.
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #Use this protocol for configuration.
   ssl_prefer_server_ciphers on; 
  location / {
    proxy_pass http://ip:8080; //ip write your own server ip
  }  
 }

Save after configuration, and then restart nginx

nginx -s reload
 sudo systemctl restart nginx

Then check whether the firewall is turned on. Generally, it is turned off. If it is turned off, there is no need to turn it on. If it is open, open the server's default port (usually 80) and port 443

Then if it is a cloud server, you also need to configure the security group. Open the server management console and click Local instance security group

insert image description here

Click Manual Add or Quick Add, add the default ports 80 and 443, and save.

insert image description here

Next is to configure the domain name resolution. Go to the domain name console and click Resolution.

insert image description here

Click Add Record

insert image description here

Then resolve the public IP address of your server and click Confirm

insert image description here

After the parsing is complete, wait for about 10 minutes before you can access the domain name. Access the swagger document of the project and you can see that it has become https (you need to manually type https here)

insert image description here

You can see that the project was successfully accessed

Reference Links:

Nginx configures https to implement domain name access project: https://www.jianshu.com/p/e7b9622a63ed

This is the end of this article about Alibaba Cloud Nginx configuration https to achieve domain name access project (graphic tutorial). For more relevant Nginx configuration https domain name access content, please search 123WORDPRESS.COM's previous articles or continue to browse the following related articles. I hope everyone will support 123WORDPRESS.COM in the future!

You may also be interested in:

Example of how to configure nginx to implement SSL
Nginx implements https website configuration code example
Detailed tutorial on configuring nginx for https encrypted access
Implementation of Nginx domain name forwarding https access
Detailed explanation of the principle and implementation process of Nginx configuration https
Nginx configures the same domain name to support both http and https access
Detailed configuration of Nginx supporting both Http and Https
Implementation of HTTP and HTTPS services with Nginx reverse proxy for multiple domain names
Example code for using Nginx to implement 301 redirect to https root domain name
How to change the website accessed by http to https in nginx

<<: MySQL 8.0.22 installation and configuration method graphic tutorial

>>: Example verification MySQL | update field with the same value will record binlog

Briefly describe the difference between Redis and MySQL

Alibaba Cloud Nginx configures https to implement domain name access project (graphic tutorial)

Briefly describe the difference between Redis and MySQL

JavaScript implements fireworks effects with sound effects

Detailed explanation of html printing related operations and implementation

Change the MySQL database engine to InnoDB

JavaScript uses canvas to draw coordinates and lines

Linux uses iftop to monitor network card traffic in real time

Install mysql5.7 on Ubuntu 18.04

CSS: visited pseudo-class selector secret memories

Mysql 5.6 "implicit conversion" causes index failure and inaccurate data

Share 5 helpful CSS selectors to enrich your CSS experience

Recommend

MySQL beginners can say goodbye to the troubles of grouping and aggregation queries

Specific method of viewing user authorization information in mysql

Solve the problem that docker run or docker restart will automatically exit when starting the image

Introduction and analysis of three Binlog formats in MySQL

SQL implementation of LeetCode (197. Rising temperature)

Implementation of automatic completion of Docker commands

Tutorial on installing JDK Tomcat MySQL on Linux (remote access using Mac)

Comprehensive summary of mysql functions

Detailed explanation of the use of vue-resource interceptors

HTML background image and background color_PowerNode Java Academy

Several commonly used methods for centering CSS boxes (summary)

MySql COALESCE function usage code example

Mysql5.7 service cannot be started. Graphical solution tutorial

Docker builds CMS on-demand system with player function

How to check disk usage in Linux