HTTP L HTTPS notes

Certificate requested by:

1.lets Encrypt international public welfare project Development soon, but in the domestic temporary some support is not high enough, such as the Android version is not recognized lets encrypt certificate. Jump in a blank page state

2. Wosign Certificate Domestic free certificate, the support is higher HTTP://FREESSL.WOSIGN.COM/FREESSL?TG=BD

Certificate substitution:

1. Build a certificate domain folder in/usr/local/nginx/sslcert such as Web.wo51go.com contains (lets Encrypt:ca_bundle.crt, CERTIFICATE.CRT, Private.key ) (wosign: 1_zks.wo51go.com_bundle.crt 2_zks.wo51go.com.key)

2. Configure inside the Ngnix

server {
Listen 443 SSL;
server_name zks.wo51go.com;

#lets Encrypt

# SSL_CERTIFICATE/USR/LOCAL/NGINX/SSLCERT/WEB.WO51GO.COM/CERTIFICATE.CRT;
# ssl_certificate_key/usr/local/nginx/sslcert/web.wo51go.com/private.key;

#沃通

SSL_CERTIFICATE/USR/LOCAL/NGINX/SSLCERT/ZKS.WO51GO.COM/1_ZKS.WO51GO.COM_BUNDLE.CRT;
Ssl_certificate_key/usr/local/nginx/sslcert/zks.wo51go.com/2_zks.wo51go.com.key;

Ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Ssl_prefer_server_ciphers on;
Ssl_ciphers high:!anull:! md5:! export56:! EXP;
Location/{
# root/opt/dis_app/static;
# index index.html index.htm;
Proxy_set_header Host $http _host;
Proxy_set_header X-real-ip $remote _addr;
Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for;
Proxy_pass http://zks.wo51go.com;
}
}

3.http Turn HTTPS

# server {
# Listen 80;
# server_name web.wo51go.com;
# rewrite ^ (. *) $ https://$host $ permanent;
# }

After the above configuration is generally possible.

The problems encountered

1. After upgrading HTTPS, the page can not use the HTTP link, especially the JS file, if the reference is HTTP, will not be executed. Picture, will be executed, but in the browser with debug see there will be a warning.

2. Android version of lets encrypt signed certificate is not supported, will cause the page blank

HTTP L HTTPS notes