Nginx domain name SSL certificate configuration (website http upgraded to https)

Preface

HTTP and HTTPS

In our daily life, common URLs can be roughly divided into two types:

One is based on the http protocol, such as: http://www.baidu.com

One is based on the https protocol, such as: https://www.baidu.com

Now many websites have upgraded their website domain name access from http to https for security reasons. If you don't know the concepts of http and https, you might as well read the following article: What is the difference between HTTP and HTTPS?

SSL Certificate

So how do we upgrade http to https?

We need to upgrade http to https, and first we need an SSL certificate. You can imagine SSL as an undergraduate degree certificate. With this undergraduate degree certificate, you can prove that you are an undergraduate student, and you can apply for recruitment with an undergraduate threshold. Of course, certificates can be issued by different institutions. For example, the value of a Tsinghua undergraduate diploma and an undergraduate diploma from an ordinary third-tier university is definitely different. The same is true for SSL certificates, which also have different issuing agencies.

Configuration

Once we have a domain name and an SSL certificate, we can upgrade the domain name URL to https. Our common practice is to configure the SSL certificate for the domain name in Nginx.

Specific process

Start your visit

(1) Below I will use my own website to configure my personal website SSL certificate and upgrade my website to SSL.

I visited a picture on my website (http://www.zyqok.cn/fj.jpg), which is an http visit.

(2) Then we changed to https access, but found that it was not accessible.

Now we will officially start and change the website to https request access.

Install Nginx on the server

First, we need to install the Nginx environment on the server. If your server already has Nginx, you can skip this step. If Nginx is not installed, you may refer to

Get an SSL Certificate

Since I bought my server from Alibaba Cloud, Alibaba will provide me with several free SSL certificates. The following is an explanation of the process of obtaining an SSL certificate from Alibaba Cloud.
If you are not an Alibaba Cloud customer, you can skip this step and search for "SSL certificate" on Baidu and purchase it from a related manufacturer, or search for "free SSL certificate" on Baidu.

(1) Log in to Alibaba Cloud, then find the [SSL Certificate] column and click it (because I have already enabled this function, your location may be different from mine, so go to the panel to find it yourself).

(2) Once you reach this panel, click [Purchase Certificate].

(3) Select the free model and then purchase

(4) When you complete the purchase, a corresponding record will appear on the page, and then click [Apply for Certificate].

(5) Then write the domain name you want to upgrade. For example, I want to upgrade my personal website http://www.zyqok.cn to https://www.zyqok.cn
At this time, fill in the domain name as zyqok.cn, then fill in other information, click Next, and then the certificate will be submitted to the above and enter the review status.

(6) Once your application is approved, you can download your SSL certificate. Click [Download] in the lower right corner.

(7) Continue to select [Download] after Nginx

(8) After the download is complete, we can get a compressed package of the SSL certificate

Upload the SSL certificate to the server

(1) We first decompress the certificate package, and then we can get the following two files.

(2) We upload these two files to the server using the FTP tool and place them in the same directory as the Nginx configuration file.

Modify the configuration and restart

(1) Open your Nginx.conf configuration file and configure the server information for ports 443 and 80 as follows:
For more detailed steps, see Alibaba Cloud's documentation: Installing SSL Certificates on Nginx/Tengine Servers

# Direct access to https 
 server
 {
  	charset utf8;
	listen 443;
	root /opt/local;
	server_name www.zyqok.cn; 
	ssl on;
	ssl_certificate 3067072_zyqok.cn.pem;
	ssl_certificate_key 3067072_zyqok.cn.key;
	ssl_session_timeout 5m;
	ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; 
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
	ssl_prefer_server_ciphers on;
	
 }
 
 # http jump to https
 server 
 {
    listen 80;
	server_name zyqok.cn;
	rewrite ^/(.*) https://www.zyqok.cn permanent;
 }

(2) Note that the contents of the blue box are your domain name and SSL certificate related files.

(3) Then restart your Nginx service

Enter the sbin directory of nginx and enter the following command to restart the nginx service

./nginx -s reload

(4) If it is an Alibaba Cloud server, don’t forget to open port 80 and port 443, otherwise you will not be able to access it.

If you don't know how to configure, you can refer to this article: Alibaba Cloud Security Rules Configuration

Visit again

(1) Access directly via https (port 443), and you can see that it is OK

(2) Then access via http (port 80), it will automatically jump to https, which is also OK.

At this point, you have learned how to configure an SSL certificate! Thanks for reading!