Generate the private key and certificate request File (csr)
Open the terminal and enter the following command
Openssl req-new-newkey rsa: 2048-nodes-keyout domain. key-out domain. csr
The generation process will ask several frequently asked questions, such as City and Country.
At last, we will ask the challenge password and remember it when entering it.
After the preceding commands are executed, the current directory will contain "domain. key" and "domain. csr" files.
Goddy certificate
After purchasing the SSL certificate, there will be an initialization process. fill in all the content of the csr file in the "CSR" input box. Goddy checks configuration and other operations. After the operation is complete, a certificate is issued. Click Download. Select "other" as the server type when downloading ".
Nginx configuration
The contents of the compressed package are similar to those shown in the following figure.
Under normal circumstances, the key and crt files are required for nginx to configure SSL.
There are two crt, so you need to merge the certificates.
Open the terminal and execute the following command:
Cat 53f58e3ac2172cd5. crt gd_bundle-g2-g1.crt> domain. crt
Modify the file name based on actual conditions.
After the certificate is merged, open the Nginx configuration file. The certificate directory is located in "/root/crt"
Server
{
Listen 443;
# Listen [:]: 80;
Server_name domain;
Index index.html index.htm index. php default.html default.htm default. php;
Root/home/wwwroot/domain;
Location =/favicon. ico {
Log_not_found off;
Access_log off;
}
Location =/robots.txt {
Allow all;
Log_not_found off;
Access_log off;
}
Location /{
If (! -E $ request_filename ){
Rewrite ^/(. *) $/index. php? $1 last;
}
}
Include other. conf;
# Error_page 404/welcome.html;
# Error_page 500 502 504 =/welcome.html;
Location ~ [^/] \. Php (/| $)
{
# Comment try_files $ uri = 404; to enable pathinfo
Try_files $ uri = 404;
Fastcgi_pass unix:/tmp/php-cgi.sock;
Fastcgi_index index. php;
Include fastcgi. conf;
# Include pathinfo. conf;
}
Location ~ . * \. (Gif | jpg | jpeg | png | bmp | swf) $
{
Expires 30d;
}
Location ~ . * \. (Html | htm )? $
{
Expires 10d;
}
Location ~ . * \. Ttf $
{
Add_header Access-Control-Allow-Origin *;
Expires 30d;
}
Location ~ . * \. (Js | css )? $
{
Expires 10d;
}
Ssl on;
Ssl_certificate/root/crt/domain. crt;
Ssl_certificate_key/root/crt/domain. key;
Access_log off;
}
Save and run nginx reload.