At present, most of our websites have changed from just HTTP, It has been changed to HTTPS, Of course, there are some websites that have not been changed . In fact, in Chinese websites, Lao Zuo thinks that ordinary personal websites use HTTP There's no problem , And sometimes the collection and speed is relatively fast . But if we're a business website or a corporate website , You must give it to the client , That's what makes it trendy and professional , Even if we know it doesn't work to install it or not .
For example, there was an enterprise website that Laozuo didn't install for customers , The customer opens the computer in the company , Actually called to tell me that the browser prompted unsafe websites , So I got angry . I'll pay for the installation HTTPS encryption . You like it , It's all right . In this article , Lao Zuo's simple record Nginx Server environment installation SSL certificate , And realize HTTPS Encrypted access to the website .
First of all 、 Apply for a certificate
The application for a certificate is simple . We have some one key package environments or WEB The panel supports free certificate application . Or our common domain name registrars and hosts are free DV Domain name certificate application . If we're a corporate website , I'm not going to give them free , This is the charge later , Back to be known with free , That would be embarrassing .
If we were a personal website , You can use it for free . Or it's OK to buy a certificate , Basically, the cost of a year is the cost of a domain name .
second 、 Certificate of merger
If we buy a certificate or a free certificate , It depends on what it looks like . We need to merge into crt In file , One is key file . And then prepare these two documents .
And then drop the file to a directory you know , Usually I put it in "/usr/local/nginx/conf/ssl" Catalog .
Third 、 Configure certificate file
listen 443 ssl http2;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache builtin:1000 shared:SSL:10m;
add_header Strict-Transport-Security max-age=15768000;
Corresponding to the site conf Add the above file to the file . It also needs to be based on the actual situation . If we have WEB When the environment supports configuration, the one generated automatically is better , If not, we need to receive the addition .
After adding, we need to debug
Check for errors , No error, restart it nginx Basically no problem .
That's what we're doing Nginx Server configuration installation site SSL The process of certification , Realize our site HTTPS. Of course, in the end, we need to set up the site HTTPS Address , Replace the theme and page with , After that, only the green lock . Generally, it's easier to add it from the beginning , Follow up supplement SSL Just a little more trouble .
From the original ：https://www.laozuo.org/17452.... Reprint note .