Nginx deployment SSL Certificate (Alibaba cloud)

Step 1: download the certificate to your local machine

Download the Nginx certificate zip file.

After decompression, you will get the following files:
Certificate file in PEM format.
Certificate key file in KEY format.

Step 2: install the certificate on the Nginx stand-alone server

Execute the following commands to create a directory (named cert) for storing certificates under the Nginx configuration directory (the default is /usr/local/nginx/conf), then open the Nginx configuration file for editing.

mkdir /usr/local/nginx/conf/cert  #Create a certificate directory named cert.
vim /usr/local/nginx/conf/nginx.conf

Press the i key to enter the editing mode.
Locate the http block (http {}) in the configuration file and add the following server configuration inside it (if a server configuration already exists, modify it according to the comments below).
Before using the sample code, please replace the following:
yourdomain.com: replace with the domain name bound to the certificate.
If you purchased a single domain name certificate, change it to that single domain name (for example, www.aliyun.com); if you purchased a wildcard domain name certificate, change it to the wildcard domain name (for example, *.aliyun.com).
cert-file-name.pem: replace with the name of the certificate file you uploaded in step 3.
cert-file-name.key: replace with the name of the certificate key file you uploaded in step 3.

#Among the following attributes, attributes starting with ssl are related to certificate configuration.
server {
    listen 443 ssl;
    #The default access port configured for HTTPS is 443.
    #If the default access port of HTTPS is not configured here, Nginx may not start.
    #If you are using Nginx 1.15.0 and above, use listen 443 ssl instead of listen 443 and ssl on.
    server_name yourdomain.com; #Replace yourdomain.com with the domain name bound to the certificate.
    root html;
    index index.html index.htm;
    ssl_certificate cert/cert-file-name.pem;  #Replace cert-file-name.pem with the name of the uploaded certificate file.
    ssl_certificate_key cert/cert-file-name.key; #Replace cert-file-name.key with the name of the uploaded certificate key file.
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    #Specifies the cipher suites to use.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #Specifies the TLS protocol versions to enable.
    ssl_prefer_server_ciphers on;
    location / {
        root html;  #Site directory.
        index index.html index.htm;
    }
}

Optional: redirect HTTP requests to HTTPS automatically.
If you want all HTTP requests to jump to HTTPS automatically, add a rewrite statement to the HTTP server configuration as follows.
Before using the sample code, replace yourdomain.com with the domain name bound to the certificate.

server {
    listen 80;
    server_name yourdomain.com; #Replace yourdomain.com with the domain name bound to the certificate.
    rewrite ^(.*)$ https://$host$1; #Redirect all HTTP requests to HTTPS through the rewrite directive.
    location / {
        index index.html index.htm;
    }
}

After modification, press Esc, type :wq!, and press Enter to save the modified configuration file and exit editing mode.
Execute the following command to restart the Nginx service.

/usr/local/nginx/sbin/nginx -s reload  #Reload the configuration file.

If you receive an error message when restarting the Nginx service, you can use the following methods for troubleshooting:
If you receive the error the "ssl" parameter requires ngx_http_ssl_module: you need to recompile Nginx and add the --with-http_ssl_module option when compiling and installing.
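
A tightened variant of the two server blocks from Step 2, added here as an example; it is not part of the Alibaba Cloud sample. It keeps the page's placeholders (yourdomain.com, cert-file-name.pem, cert-file-name.key) and assumes Nginx 1.13.0 or later built against OpenSSL 1.1.1 or later, which TLSv1.3 requires.

```nginx
# Added example: hardened variant of the page's two server blocks.
# yourdomain.com and cert-file-name.* are the page's placeholders.
# Assumption: nginx 1.13.0+ with OpenSSL 1.1.1+ (needed for TLSv1.3).

server {
    listen 443 ssl;
    server_name yourdomain.com;

    ssl_certificate     cert/cert-file-name.pem;
    ssl_certificate_key cert/cert-file-name.key;   # keep this file readable by root only

    # Page's setting: ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only 1.2 and 1.3 are offered.
    ssl_protocols TLSv1.2 TLSv1.3;

    # The page's list ends in ECDHE:ECDH:AES:HIGH, which also admits CBC-mode
    # and static-RSA suites. This list keeps only forward-secret AEAD suites.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    ssl_session_timeout 5m;
    ssl_session_cache   shared:SSL:10m;   # one session cache shared by all workers
    ssl_session_tickets off;

    # HSTS: browsers refuse plain HTTP for this host for max-age seconds,
    # so enable it only once HTTPS is confirmed working.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        root html;
        index index.html index.htm;
    }
}

server {
    listen 80;
    server_name yourdomain.com;
    # For a single-domain certificate, a fixed host in the target (instead of
    # $host) keeps the client-supplied Host header out of the redirect.
    return 301 https://yourdomain.com$request_uri;
}
```

Running /usr/local/nginx/sbin/nginx -t before the reload checks the edited file for syntax errors without touching the running service.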

Step 3: verify successful installation

After the certificate is installed, you can verify whether it was installed successfully by visiting the domain name bound to the certificate.
https://yourdomain.com #Replace yourdomain.com with the domain name bound to the certificate.

Reproduced from Alibaba cloud official documents:
https://help.aliyun.com/document_detail/98728.html?spm=5176.14113079.0.dexternal.48dd56a7s5hiwU

Keywords: CentOS Nginx https

Added by Rik Peters on Tue, 08 Mar 2022 01:11:29 +0200