nginx configure ssl to achieve https
Environmental description
Server system: Ubuntu 18.04 64 bit nginx: 1.14
This article mainly records the steps of configuring https, and does not introduce the details of applying for a ca certificate
There is a free ssl certificate here:
of Western Digital , and the certificate applied for in Tencent Cloud
After applying for a certificate and issuing it, download the certificate to the local
1. Install nginx
$ apt-get update //
$ apt-get install nginx // 2. Configure the ca certificate
2.1 The installation directory of nginx is /etc/nginx/, enter this directory, add the cert folder, and upload the two files just downloaded to the cert folder
2.2 Add a blog.confnew , the name is arbitrary, nginx will read all the configuration files in the conf.d/ folder
2.3 Copy the following configuration information to the blog.conffile
server {
listen 443;
server_name xiaoxina.cc; // 你的域名
ssl on;
root /var/lib/jenkins/workspace/blog; // 你的网站源码目录
index index.html index.htm;
ssl_certificate /etc/nginx/cert/xiaoxina.cc.crt; // 证书地址
ssl_certificate_key /etc/nginx/cert/xiaoxina.cc.key; // 证书地址
ssl_session_timeout 10m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_buffer_size 1400;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
location / {
index index.html index.htm;
}
}
server {
listen 80;
server_name xiaoxina.cc; // 你的域名
rewrite ^(.*)$ https://$host$1 permanent;
}After the configuration is complete, check whether the nginx configuration file is available. If successful, the configuration is correct.
$ nginx -tAfter the configuration is correct, reload the configuration file to make the configuration take effect:
$ service nginx reload
English