Upgrading a website from HTTP to HTTPS: a tutorial
This article is a record of upgrading Kago's personal website from HTTP to HTTPS.
Prerequisite: Kago's website is filed with Alibaba Cloud (AliYun), so this article is based on that. If your domain name is filed with Tencent Cloud, the steps are similar.
Terminology:
What are HTTP and HTTPS?
HTTP (Hypertext Transfer Protocol) is the most widely used network protocol on the Internet. It is commonly used to pass information between a web browser and a web server. HTTP transfers data in plaintext, so if the traffic is intercepted in transit, its contents can be read. I remember that the login page of one of the company's medical devices was once intercepted, and the page was full of advertisements.
To address this flaw in HTTP, HTTPS (Hypertext Transfer Protocol over Secure Socket Layer) was developed. HTTPS adds the SSL protocol on top of HTTP: SSL relies on certificates to verify the identity of the server and encrypts the data exchanged between the web browser and the server.
HTTPS has two main functions:
Establish a secure channel, to ensure the security of data in transit.
Confirm the authenticity of the website.
What is the difference between HTTP and HTTPS?
HTTPS requires applying to a CA for a certificate. Free certificates are generally scarce, so there is a certain cost.
HTTP is the Hypertext Transfer Protocol and transmits messages in clear text; HTTPS is a secure, SSL-encrypted transport protocol.
HTTP and HTTPS use completely different connection methods and different ports: the former uses 80, the latter 443.
An HTTP connection is simple and stateless; HTTPS is a network protocol built from SSL + HTTP that provides encrypted transmission and identity authentication, than
Certificate application process:
1: Free certificates are available from Alibaba Cloud or Tencent Cloud. (Note: because Kago is registered with Alibaba Cloud, the application here is made through AliYun.)
2: Log in to Alibaba Cloud - Console - Products and Services - search for SSL.

Click SSL Certificate (Application Security) to go to the purchase page.

Select: Yundun certificate resource package.

Select the free certificate expansion package.

Note: once per calendar year you can obtain a resource package of 20 free certificates. At the end of the calendar year it is cleared automatically. Each calendar year ends on December 31 at 24:00.
Buy now:

After a successful purchase, wait for the management console:

You can see the certificate resource package. Then click certificate application, and a new entry is added to the certificate management list below.

Then click certificate application again. The application form opens for you to fill in.

Notes:
Certificate-bound domain name: the domain name you need to bind.
Contact and location: simply select them. The CSR generation method does not need to be changed.
After completing the form, you are taken to the verification information.

Because in the previous step we left the CSR generation method unchanged and did not choose manual, the application can be submitted directly for review.
The review after submission is quick, taking only 1-2 minutes.

After selecting the domain name to be deployed, select Download. The certificates for each deployment method are listed; download the one that matches yours. Because Kago uses Nginx, the Nginx certificate is downloaded.

The download is a zip archive. After extracting it, you get two files, one ending in PEM and one ending in KEY.

Nginx deployment:
Upload the certificate:
Upload the two extracted files to the server.
For example, Kago's upload directory: /usr/local/nginx/ssl/lingquan
Note: lingquan is one of Kago's websites. If you have more than one site, you can keep their certificates apart in this way.
Configuration in the Nginx configuration file:
Because Kago uses the Pagoda (BaoTa) panel, the change is made in the configuration of the corresponding website in the Pagoda panel.

If there is no server block for port 443, add one. If there is one, configure it as follows:
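server {
    listen 443 ssl;
    server_name example.com;      # replace with your domain name
    root /path/to/your/project;   # replace with your project root
    index index.html;
    # Certificate (PEM) and private key (KEY) from the downloaded archive
    ssl_certificate /usr/local/nginx/ssl/xxx/xxx.pem;
    ssl_certificate_key /usr/local/nginx/ssl/xxx/xxx.key;
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients require them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
    ssl_prefer_server_ciphers on;
}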
Notes:
ssl_certificate: the absolute path to the PEM file.
ssl_certificate_key: the absolute path to the KEY file.
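A tighter variant of the 443 server block above, added here as an example and not part of the original article: it drops TLSv1 and TLSv1.1 and replaces the ALL-based cipher string with an explicit list. The domain, the root path, the session cache settings and the HSTS header are assumptions; the certificate paths reuse the article's placeholders.

```nginx
# Added example: hardened variant of the article's 443 server block.
# example.com and /var/www/example are placeholders (assumptions).
server {
    listen 443 ssl;
    server_name example.com;
    root /var/www/example;
    index index.html;

    # Same files as in the article; the .key file should be readable by root only.
    ssl_certificate     /usr/local/nginx/ssl/xxx/xxx.pem;
    ssl_certificate_key /usr/local/nginx/ssl/xxx/xxx.key;

    # Was: ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # TLS 1.0 and 1.1 are deprecated by RFC 8996. TLSv1.3 needs nginx 1.13.0+
    # built against OpenSSL 1.1.1+; remove it from the list on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Was: ssl_ciphers AESGCM:ALL:!DH:...
    # Explicit allow-list of forward-secret AEAD suites for TLS 1.2, instead of
    # starting from ALL and subtracting. TLS 1.3 suites are not set by this directive.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:10m;   # share the session cache across workers
    ssl_session_tickets off;

    # Assumption: every page on this host is served over https from now on.
    # HSTS makes browsers refuse plain http for max-age seconds, so enable it
    # only after the certificate deployment has been verified.
    add_header Strict-Transport-Security "max-age=31536000" always;
}
```

Run nginx -t to check the syntax before restarting Nginx.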
Once the configuration is complete, restart Nginx, then verify it by visiting your domain name over https.
Verify that the configuration succeeded:

When the site is visited over https, a small green lock appears, indicating that the configuration succeeded.
Configuring a forced redirect from http to https:
Sometimes we need http access to be forcibly redirected to https. The configuration is as follows:
server {
    listen 80;
    server_name example.com;   # replace with your domain name
    # Permanent redirect to the same host and URI over https
    return 301 https://$host$request_uri;
}
