Get certificate

Take the domain name www.example.com as an example. Select "Nginx/Engine" as the environment, then download the SSL certificate file www.example.com.crt and the private key file www.example.com.key.

The www.example.com.crt file contains two certificate blocks, each running from
-----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----

The www.example.com.key file contains one private key block, running from
-----BEGIN RSA PRIVATE KEY----- to -----END RSA PRIVATE KEY-----

Certificate installation

Save the certificate file www.example.com.crt and the private key file www.example.com.key for the domain www.example.com in the same directory, for example the Nginx [installation directory]/conf directory. Update the conf/nginx.conf file under the Nginx [installation directory] as follows:

    server {
        listen 443 ssl;  # TLS is enabled with the ssl parameter of listen
        server_name www.example.com;  # Fill in the domain name bound to the certificate
        ssl_certificate www.example.com.crt;
        ssl_certificate_key www.example.com.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  # Configure the protocols as shown
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;  # Configure the cipher suites as shown
        ssl_prefer_server_ciphers on;
        location / {
            root html;  # Site directory
            index index.html index.htm;
        }
    }

After configuration, run Nginx [installation directory]/nginx -t to test whether the configuration is correct. If it is correct, restart Nginx. The site can then be visited at https://www.example.com.

Full-site encryption: automatically redirect HTTP to HTTPS (optional)

If users do not know that the website can be accessed over HTTPS, the server can automatically redirect their HTTP requests to HTTPS. On the server side, you can add a JS script to the page or write a redirect in the back-end program. Of course, the web server itself can also perform the redirect. Nginx supports rewriting (as long as PCRE was not removed at compile time). In the HTTP server block, add:

    rewrite ^(.*) https://$host$1 permanent;

This way, requests arriving on port 80 are redirected to HTTPS.
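
The redirect described above, shown in place next to the HTTPS server block. This is an added example, not part of the original page: the port-80 server uses the page's rewrite rule, and the 443 server follows the page's block except that ssl_protocols is narrowed to TLSv1.2 and TLSv1.3. That narrowing is an assumption: every client must support TLS 1.2 or newer (TLS 1.0 and 1.1 are deprecated by RFC 8996), and TLSv1.3 needs nginx 1.13.0 or later built against OpenSSL 1.1.1.

```nginx
# Added example (not from the original page). Both blocks go inside http { }.

# Plain-HTTP listener: its only job is to send clients to HTTPS.
server {
    listen 80;
    server_name www.example.com;

    # ^(.*) captures the request URI as $1; $host is the requested host name.
    # "permanent" makes nginx answer with a 301 redirect.
    rewrite ^(.*) https://$host$1 permanent;
}

# HTTPS listener, based on the page's server block.
server {
    listen 443 ssl;
    server_name www.example.com;

    # Relative paths are resolved against the conf directory,
    # which is where the page says to save both files.
    ssl_certificate     www.example.com.crt;
    ssl_certificate_key www.example.com.key;
    ssl_session_timeout 5m;

    # Assumption: all clients support TLS 1.2 or newer.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    location / {
        root html;                    # Site directory
        index index.html index.htm;
    }
}
```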