Ali Cloud Deployment 6. Configure https

Keywords: Javascript Nginx SSL DNS sudo

Get ready

  1. Domain name on file
  2. ssl certificate (free)

Request Certificate

  1. Login to Ali Cloud Console Production - > Products and Services - > SSL Certificates
  2. Click Purchase Certificate, Certificate Type Select Free DV SSL, Complete Purchase
  3. After purchasing, Symantec Free SSL appears, button click under operation item.
  4. Perfect data and submit for review.My domain name here is using the Ali Cloud DNS service. Follow the prompt to check the certificate-bound domain name for cloud resolution in Ali Cloud, and the system generates a CSR until it is submitted for review.

In about 10 minutes, the application certificate will be approved.

Download Certificate

Confirm that you have obtained the certificate and go to the Certificate Console to download the certificate. After unzipping, you will get two files

Certificates are configured differently depending on the server type. Here's an example of nginx server

Configure https for nginx

  1. Create a directory to store certificates (any)
sudo mkdir -p /usr/local/nginx/ssl/key
  1. Upload Certificate
scp -p 22 /usr/local/nginx/ssl/key/ root@

scp -p 22 /usr/local/nginx/ssl/key/ root@

After uploading, the directory structure is as follows

[root@iZ8vbfhrv1vsbp44n9fdtoZ key]# pwd
[root@iZ8vbfhrv1vsbp44n9fdtoZ key]# ls
  1. Modify nginx configuration file
# HTTPS server
server {
    listen       443 ssl;
    server_name  localhost;

    ssl_certificate      /usr/local/nginx/ssl/key/;
    ssl_certificate_key  /usr/local/nginx/ssl/key/;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;
#    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
        root   /opt/nodejs/blog-server/static/blog;
        index  index.html index.htm;
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    location /blog {

  1. Restart nginx
/usr/local/nginx/sbin/nginx -s reload

If prompted for the "ssl" parameter requires ngx_http_ssl_module, nginx also needs to install the ngx_http_ssl_module.

nginx installation ngx_http_ssl_module

My nginx installation directory is: /usr/local/nginx, source package at/usr/nginx-1.14.0
First enter the source package directory, execute

./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module

When the configuration is complete, run the command make command (note that you cannot make install here, or override the installation)


Replace the installed nginx package by backing up before replacing it:

cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak

Stop the nginx service first:

/usr/local/nginx/sbin/nginx -s stop

Overwrite the just compiled nginx with the original nginx

cp ./objs/nginx /usr/local/nginx/sbin/

Finally, you can start nginx


Delete Backup

rm -rf /usr/local/nginx/sbin/nginx.bak

We can see by command if the ssl module has been successfully added

[root@iZ8vbfhrv1vsbp44n9fdtoZ nginx-1.14.0]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.14.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module

Try Visit (

Posted by jber on Sun, 10 Nov 2019 18:21:24 -0800