First download the free certificate and upload it to the server. There are many kinds of certificates; the one used above is the Aliyun free edition.
Certificates are divided into DV, OV and EV.
DV SSL certificate: a domain validation certificate. When you apply for one, the CA (certificate authority) only needs to verify ownership of the domain name. The whole process is very simple, needs no manual work, and can be completed automatically by the system. It is therefore fast (a certificate can usually be issued in about 10 minutes) and cheaper, but the assurance level is relatively low. It is suitable for personal websites and the websites of small organizations or enterprises.
OV SSL certificate: an organization validation certificate, with stricter requirements than a DV certificate. The CA verifies not only ownership of the domain name but also the identity of the enterprise. The applicant provides information about the enterprise and scanned copies of the company's business license, which are audited manually. It generally takes 3-5 working days to issue, and the price is relatively higher. However, the security level is greatly improved, which makes it suitable for general organizations or small and medium-sized enterprise websites.
EV SSL certificate: currently the highest level of certificate in the industry, with more features than the first two. If the user installs the certificate, the browser displays not only the green address bar, the https prefix and the security lock logo, but also the enterprise name, which not only looks impressive but really is safer. Of course, the EV SSL certificate audit is also the most stringent: the applicant must provide enterprise information and scanned copies of the company's business license, as well as a Dun & Bradstreet record or a lawyer's opinion letter, and the CA manually verifies the organization and its telephone information. It generally takes 3-7 working days to issue, and the price is relatively high. It is suitable for online trading websites, large enterprises, and financial, banking and similar organizations.
Each of the three certificate types above can be issued for a single domain name, multiple domain names or a wildcard domain name, at different prices.
Single domain name: an ordinary SSL certificate that protects only one domain name.
www.centby.com
Multiple domain names: several domain names can be protected at the same time, whether they are main domain names or subdomains.
www.centby.com,m.centby.com,porcelain.bbs.centby.com
Wildcard domain name: protects a domain name and all of the subdomains directly below it. The scope (level) is limited, but the number of subdomains is not.
*.centby.com or *.info.centby.com (a wildcard cannot span levels)
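The coverage rules above, as an added example that is not part of the original page: it checks the page's sample host names against a single-name, a multi-name and a wildcard certificate, using the standard TLS hostname rule that "*" stands for exactly one leftmost label. The function names and the SITE_HOSTS list are illustrative assumptions.

```python
# Added example: which host names each kind of certificate covers.
# Rule used: "*" replaces exactly one leftmost DNS label and never spans a dot.

def name_matches(pattern: str, host: str) -> bool:
    """Return True if one certificate name (exact or wildcard) covers host."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False                      # different depth: no match
    if p_labels[0] == "*":
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def cert_covers(cert_names, host):
    """A certificate covers a host if any of its names matches."""
    return any(name_matches(n, host) for n in cert_names)

def uncovered(cert_names, hosts):
    """Return the hosts that would raise a name-mismatch error."""
    return [h for h in hosts if not cert_covers(cert_names, h)]

# Names taken from the examples on this page.
SINGLE = ["www.centby.com"]
MULTI = ["www.centby.com", "m.centby.com", "porcelain.bbs.centby.com"]
WILDCARD = ["*.centby.com"]          # certificate listing only the wildcard name
# Hosts to check (constructed list; centby.com itself added for illustration).
SITE_HOSTS = ["www.centby.com", "m.centby.com",
              "porcelain.bbs.centby.com", "centby.com"]

if __name__ == "__main__":
    for label, names in (("single", SINGLE), ("multi", MULTI),
                         ("wildcard", WILDCARD)):
        print(label, "does not cover:", uncovered(names, SITE_HOSTS))
```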
Configure Nginx
vi /usr/local/nginx/conf/nginx.conf
#user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    #                '$status $body_bytes_sent "$http_referer" '
    #                '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log logs/access.log main;

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 65;

    #gzip on;

    #start
    upstream demoa {
        #ip_hash;
        server 127.0.0.1:8000;
    }
    upstream demob {
        #ip_hash;
        server 127.0.0.1:8001;
    }
    #end

    #start ssl
    server {
        listen 443;
        server_name www.centby.com;
        ssl on;
        root /usr/share/nginx/html;
        ssl_certificate "cert/cert-15_xy.centby.com.crt";     ##Example
        ssl_certificate_key "cert/cert-15_xy.centby.com.key"; ##Example
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_prefer_server_ciphers on;

        location / {
            proxy_pass http://demoa;
        }

        error_page 404 /404.html;
        location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }

    server {
        listen 443;
        server_name m.centby.com;
        ssl on;
        root /usr/share/nginx/html;
        ssl_certificate "cert/cert-8_aapi.crt";     ##Example
        ssl_certificate_key "cert/cert-8_bapi.key"; ##Example
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_prefer_server_ciphers on;

        location / {
            proxy_pass http://demob;
        }

        error_page 404 /404.html;
        location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }
    #end ssl

    server {
        listen 80;
        server_name www.centby.com;

        #charset koi8-r;

        #access_log logs/host.access.log main;

        #location / {
        #    root html;
        #    index index.html index.htm;
        #}

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_buffering off;
            proxy_pass http://demoa;
        }

        #error_page 404 /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }

    server {
        listen 80;
        server_name m.centby.com;

        #charset koi8-r;

        #access_log logs/host.access.log main;

        #location / {
        #    root html;
        #    index index.html index.htm;
        #}

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_buffering off;
            proxy_pass http://demob;
        }

        #error_page 404 /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }

    #include vhost/*.conf;
}
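A check a reviewer would run over this configuration, as an added example that is not part of the original page: it flags the obsolete `ssl on` directive (removed in nginx 1.25.1 in favour of `listen 443 ssl`), the TLSv1 and TLSv1.1 protocols that RFC 8996 deprecates, and port-80 servers that serve content instead of redirecting to https. The sample text is constructed from the directives above, and the function names are illustrative.

```python
import re
# Constructed sample: one HTTPS and one HTTP server block using the same
# directives as the configuration above.
SAMPLE = """
server {
    listen 443;
    server_name www.centby.com;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / { proxy_pass http://demoa; }
}
server {
    listen 80;
    server_name www.centby.com;
    location / { proxy_pass http://demoa; }
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    conf = re.sub(r"#[^\n]*", "", conf)          # strip comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directives(body, name):
    """Return the argument string of every `name args;` directive in body."""
    pat = r"(?:^|(?<=[;{}]))\s*%s\s+([^;{}]+);" % re.escape(name)
    return [args.strip() for args in re.findall(pat, body)]

def audit(conf):
    """Return (server_name, finding) pairs for the settings worth changing."""
    findings = []
    for body in server_blocks(conf):
        name = (directives(body, "server_name") or ["?"])[0]
        listens = directives(body, "listen")
        if any("443" in l or "ssl" in l.split() for l in listens):
            if "on" in directives(body, "ssl"):
                findings.append((name, "obsolete 'ssl on'; use 'listen 443 ssl'"))
            old = [p for a in directives(body, "ssl_protocols") for p in a.split()
                   if p in ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1")]
            if old:
                findings.append((name, "legacy protocols: " + " ".join(old)))
        elif not re.search(r"\breturn\s+30[1278]\s+https://", body):
            findings.append((name, "plain HTTP is served, not redirected to https"))
    return findings
```

Calling `audit(SAMPLE)` returns three findings for www.centby.com; a block that uses `listen 443 ssl;`, `ssl_protocols TLSv1.2 TLSv1.3;` and, on port 80, `return 301 https://$host$request_uri;` returns none.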
Restart the Nginx service
# Enter the directory
cd /usr/local/nginx/sbin
# Test the configuration
./nginx -t
# Restart service
./nginx -s reload