Upgrading a Website from HTTP to HTTPS: A Text Tutorial
This article records how Kago's personal website was upgraded from HTTP to HTTPS.
Prerequisite: Kago's website is filed with Alibaba Cloud (AliYun), so everything here is based on that. If your domain is filed with Tencent Cloud, the process is similar.
Terminology:
What are HTTP and HTTPS?
HTTP (Hypertext Transfer Protocol) is the most widely used network protocol on the Internet. It is commonly used to pass information between web browsers and web servers. HTTP transfers data in plaintext, so if the traffic is intercepted in transit, the information can be read. I remember that the login page of one of the company's medical devices was once intercepted, and the page was full of advertisements.
To address this flaw in HTTP, HTTPS (Hypertext Transfer Protocol over Secure Socket Layer) was derived. HTTPS adds the SSL protocol on top of HTTP. SSL relies on certificates to verify the identity of the server and encrypts the data exchanged between the web browser and the server.
HTTPS has two main functions:
Establish a secure channel to protect data in transit.
Confirm the authenticity of the website.
What is the difference between HTTP and HTTPS?
HTTPS requires applying to a CA for a certificate. Free certificates are generally few, so there is a certain cost.
HTTP is the Hypertext Transfer Protocol and transmits messages in clear text; HTTPS is a secure transport protocol encrypted with SSL.
HTTP and HTTPS use completely different connection methods and different ports: the former uses 80, the latter 443.
An HTTP connection is simple and stateless; HTTPS is a network protocol built from SSL + HTTP that provides encrypted transmission and identity authentication, than
Certificate application process:
1: Both Alibaba Cloud and Tencent Cloud offer free certificates. (Note: Kago's domain is registered with Alibaba Cloud, so the application here is made through AliYun.)
2: Log in to Alibaba Cloud - Console - Products and Services - search for SSL.
Click SSL Certificate (Application Security) to go to the purchase page.
Choose: Yundun certificate resource package.
Choose the free certificate expansion package.
Note: Once per calendar year you can claim a free certificate resource package of 20 certificates. At the end of the calendar year it is cleared automatically. Each calendar year ends at 24:00 on December 31.
Buy now:
After a successful purchase, wait for the management console to open:
You can see the certificate resource package. Then click certificate application, and a new entry is added to the certificate management list below.
Then click certificate application. The application form opens for you to fill in.
Certificate bound domain name: the domain you need to bind.
Contact and location: just select them. The CSR generation method does not need to be modified.
After completion, you move on to the verification information step.
Because we left the CSR generation method unmodified in the previous step and did not choose manual, the application can be submitted directly for review.
Review is quick after submission, taking only 1-2 minutes.
After selecting the domain name to be deployed, select Download. The certificates for the specific deployment types are shown; select the corresponding one to download. Because Kago uses Nginx, the download is the Nginx one.
The download is a zip archive. After extracting it, you get two files, ending in PEM and KEY.
Nginx deployment:
Upload the certificate:
Upload the two extracted files to the server.
For example, Kago's upload directory: /usr/local/nginx/ssl/lingquan
Note: lingquan is one of Kago's websites. If you have more than one site, you can keep them apart this way.
Configure it in the Nginx configuration file:
Because Kago uses the Pagoda (BaoTa) panel, the change is made under the corresponding website in the panel.
If there is no server block for 443, add one. If there is one, configure it as follows:
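server {
    listen 443 ssl;
    server_name your_domain_name;                 # placeholder: your domain
    root /path/to/your/project/root;              # placeholder: your project root
    ssl_certificate /absolute/path/to/your.pem;   # placeholder: the PEM file
    ssl_certificate_key /absolute/path/to/your.key;  # placeholder: the KEY file
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;          # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
}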
ssl_certificate: the absolute path to the PEM file.
ssl_certificate_key: the absolute path to the KEY file.
Once the configuration is complete, restart Nginx and then verify by visiting your domain over https.
Verifying that the configuration succeeded
When you visit over https, you can see a small green lock, which indicates that the configuration succeeded.
Forcing HTTP to redirect to HTTPS:
Sometimes we need HTTP requests to be forcibly redirected to HTTPS. The configuration, placed in the server block that listens on port 80, is as follows:
server_name your_domain_name;
return 301 https://$server_name$request_uri;
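As an added example (not part of the original article or Kago's setup): a small Python check for an Nginx configuration like the one above. It flags TLS server blocks that still enable deprecated protocol versions or lack certificate paths, and plain-HTTP blocks without a 301 redirect to https. The sample configuration, the domain example.test and the certificate file names are constructed placeholders.

```python
import re
# Constructed sample of the page's two server blocks; names are placeholders.
SAMPLE_CONF = """
server {
    listen 80;
    server_name example.test;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name example.test;
    ssl_certificate     /usr/local/nginx/ssl/lingquan/example.test.pem;
    ssl_certificate_key /usr/local/nginx/ssl/lingquan/example.test.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
"""
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996
CERT_KEYS = ("ssl_certificate", "ssl_certificate_key")

def server_blocks(conf):
    """Yield the body of every server { ... } block, matching nested braces."""
    conf = re.sub(r"#.*", "", conf)  # strip comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += (conf[i] == "{") - (conf[i] == "}")
            i += 1
        yield conf[m.end():i - 1]

def args_of(body, name):
    """Argument lists of each `name` directive (nested blocks are flattened)."""
    stmts = (s.split() for s in re.split(r"[;{}]", body))
    return [s[1:] for s in stmts if s and s[0] == name]

def audit(conf):
    """Findings: deprecated TLS versions, missing cert paths, no HTTPS redirect."""
    findings = []
    for body in server_blocks(conf):
        name = " ".join(sum(args_of(body, "server_name"), [])) or "?"
        if any("ssl" in a for a in args_of(body, "listen")):
            findings += [f"{name}: missing {k}" for k in CERT_KEYS if not args_of(body, k)]
            weak = DEPRECATED & {p for a in args_of(body, "ssl_protocols") for p in a}
            if weak:
                findings.append(f"{name}: deprecated {' '.join(sorted(weak))}")
        elif not any(a[:1] == ["301"] and a[-1].startswith("https://")
                     for a in args_of(body, "return")):
            findings.append(f"{name}: no 301 redirect to https")
    return findings

print(audit(SAMPLE_CONF))  # run on the constructed sample
```

To check a real file, pass its text to audit(); the brace and comment handling is deliberately simple and does not follow include directives.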