In the http block of nginx.conf, add the following parameters; refer to your certificate provider for the specific values.
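server {
    listen 443;
    server_name domain;
    # "ssl on;" is deprecated in newer nginx versions, which use "listen 443 ssl;" instead
    ssl on;
    ssl_certificate domain.crt;
    ssl_certificate_key domain.key;
    ssl_session_timeout 5m;
    # SSLv3 and TLSv1 are obsolete and insecure; current deployments should list TLSv1.2 and TLSv1.3
    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers HIGH:!ADH:!EXPORT56:RC4+RSA:+MEDIUM;
    ssl_prefer_server_ciphers on;
    location / {
        root html;
        index index.html index.htm;
    }
}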
The above d
Using OpenSSL to generate certificates
1. Generating an RSA key
openssl genrsa -des3 -out privkey.pem 2048
This command generates a 2048-bit key that is encrypted with a passphrase using DES3. If you do not want to enter the passphrase each time, you can change it to:
openssl genrsa -out privkey.pem 2048
2. Generating a certificate request
A 2048-bit key is recommended; anything shorter may be unsafe or will soon be unsafe.
openssl req -new -key privkey.pem -out CERT.
Use the letsencrypt.sh script on CentOS 6.8 to configure a free HTTPS certificate for nginx.
1. Download letsencrypt.sh
wget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encrypt/letsencrypt.conf
wget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encrypt/letsencrypt.sh
2. Modify the parameters of the letsencrypt.conf file.
# vim letsencrypt.conf # only modify the values,
that's how Linux should learn 2018-05-11.
Lab environment: CentOS Linux release 7.3.1611 (Core)
Kernel version: Linux version 3.10.0-514.el7.x86_64
Nginx version: Nginx-1.13.0
Let's Encrypt is a free, automated, open certificate authority. It is sponsored by many companies and organizations such as Mozilla, Cisco, Chrome, Facebook, and Akamai, and its security is stable and reliable. Specific information can go to Le
blog.creke.net.key; # path where the website's private key is stored
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
...
}
3. Test the configuration and reload the Nginx configuration
Test the configuration:
nginx -t
Reload:
nginx -s reload
4. Q&A
Sometimes you will find that when you log in to phpMyAdmin and other programs, it mistakenly redirects to HTTP. The
1. Download Let's Encrypt
2. Generate the key; you need to stop Nginx before calling this
certbot certonly --standalone -d www.domain1.com -d www.domain2.com
The build succeeds with the following prompts:
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/"Here is your domain name"/fullchain.pem. Your cert will expire on "here is the expiry time". To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto
...LEBAO.CSR
Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying test.api.lebaoedu.com...
test.api.lebaoedu.com verified!
Signing certificate...
Certificate signed!
New cert: LEBAO.CHAINED.CRT has been generated
The generated certificate directory will have files similar to the following:
TEST.CHAINED.CRT test.com.key letsencrypt-account.key test.crt TEST.CSR ...
Cron scheduled tasks
Automatically update the certificate once a month, you can at the end of the script t