Preface

HTTP and HTTPS

In our daily life , Common web sites are roughly divided into 2 Kind of ：

One is based on http agreement , Such as ：http://www.baidu.com

One is based on https agreement , Such as ：https://www.baidu.com

Now many websites are for security reasons , Will access the domain name of the website from http Has been upgraded to https, If you don't know http and https The concept of , Take a look at the following article ：HTTP and HTTPS What's the difference

SSL certificate

So how do we http Upgrade to https Well ？

We're going to upgrade http by https, First you need a SSL certificate . SSL You can think of it as an undergraduate diploma , I have this undergraduate diploma , It will prove that you are an undergraduate , Can go to apply for undergraduate recruitment threshold . Of course , Certificates can be issued by different institutions , For example, Tsinghua University undergraduate diploma and ordinary three colleges undergraduate diploma , The gold content of the two must be different .SSL The same goes for certificates , There are also different issuing agencies .

Configuration mode

When you have domain names and SSL After certificate , We can upgrade the domain address to https 了 , We usually do it in Nginx Configure domain name in SSL certificate .

The specific process

Start visiting

（1） Now I use my own website , My personal site configuration SSL certificate , Upgrade my website to SSL.

I visit a picture on my website （ http://www.zyqok.cn/fj.jpg ）, This is a http visit .

（2） Then we changed it to https visit , Discovery is not accessible .

Let's start , Change the website to https Request access to .

Server installation Nginx

First , We need to install it on the server Nginx Environmental Science , If your server already has Nginx 了 , So this step can be skipped , If not installed Nginx, You may refer to it

obtain SSL certificate

Because my server was purchased by alicloud , So Ali will give some free SSL certificate , Here's how to get it from alicloud SSL The certificate process is described .
If you are not an alicloud customer , So this step can be skipped , And then self Baidu “SSL certificate ” Buy from related manufacturers , Or Baidu “ free SSL certificate ” .

（1） Log in to alicloud , And then find 【SSL certificate 】 One column , Click on （ Because I've already turned it on , So your position may be different from mine , Go to the panel and look for ）.

（2） Come to this panel , Click on 【 Purchase certificate 】.

（3） Choose free , Then buy

（4） When you've finished your purchase , A corresponding record will appear on the page , And then click 【 The certificate application 】.

（5） Then write the domain name you need to upgrade , For example, I want to put my personal website http://www.zyqok.cn Upgrade to https://www.zyqok.cn
Then fill in the domain name at this time zyqok.cn, Then fill in the other information , Click next , Then the certificate will be submitted to it , Enter audit status .

（6） When your application is approved , You can download your SSL Certificate , Let's click in the lower right corner 【 download 】

（7） Continue to choose Nginx hinder 【 download 】

（8） When the download is complete , We can get one SSL Certificate compression package

Upload SSL Certificate to server

（1） Let's decompress the certificate package first , Then you can get the following two files .

（2） We will pass these two documents through FTP Tools , Upload to server , And put it on Nginx The configuration file is located in the same level directory .

Modify the configuration and restart

（1） Open your Nginx.conf The configuration file , Then put your 443 and 80 Port of server Information configuration is as follows ：
For more detailed steps, you can view alicloud's documents ：Nginx/Tengine Server installation SSL certificate

# Direct access https 
server
{

charset utf8;
listen 443;
root /opt/local;
server_name www.zyqok.cn;
ssl on;
ssl_certificate 3067072_zyqok.cn.pem;
ssl_certificate_key 3067072_zyqok.cn.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
}
# http Jump https
server
{

listen 80;
server_name zyqok.cn;
rewrite ^/(.*) https://www.zyqok.cn permanent;
}

（2） Notice that the contents of the blue box are your domain name and SSL Certificate related documents .

（3） Then restart your Nginx service

Get into nginx Of sbin Under the table of contents , Enter the following command , restart nginx service

./nginx -s reload

（4） If it's an alicloud server , Don't forget to open 80 Port and 443 port , Otherwise I can't visit

You can refer to this article if you will not configure it ： Alicloud security rule configuration

Revisit

（1） direct https Visit （443 port ）, As you can see, yes OK Of

（2） then http visit （80 port ）, He will automatically jump to https, It's also OK Of .

thus , You have learned SSL Certificate configuration ！ Thank you for reading ！