Nginx Installation Guide for SSL Certificate


1. Build the certificate file required by Nginx:

Create a new Notepad file. Paste the contents of the certificate (.crt) first, then paste the contents of the certificate chain (.ca) below it, so that the server certificate comes first and the chain follows.

Then save the file and rename it to: yourdomain.com_chain.crt (for example: sslsky.com_chain.crt).

If you need a certificate in PEM format, you can simply change the suffix: yourdomain.com_chain.pem

Prepare the following files:
sslsky.com_chain.crt (certificate file containing the certificate chain)
sslsky.com.key (private key file)
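
Step 1 can also be done from the shell instead of Notepad. The script below is an added example, not part of the original guide: build_chain writes the server certificate followed by the chain while stripping the BOM, CRLF endings and blank lines a Windows editor can leave in the file, and key_matches_cert checks that the first certificate in the bundle belongs to the private key. The function names and the input name sslsky.com.ca are assumptions, and demo runs on constructed placeholder blocks rather than real certificates.

```bash
#!/usr/bin/env bash
# Added example, not part of the original guide. Function names are
# hypothetical; file names follow the guide's sslsky.com examples.

# build_chain SERVER.crt CHAIN.ca OUT.crt
# Writes the server certificate first, then the chain (step 1). Strips what a
# Windows editor may add (UTF-8 BOM, CRLF, blank lines) and ends each input
# with a newline so END/BEGIN markers never share a line.
build_chain() {
    local tmp="$3.tmp" bom f begins ends
    bom=$(printf '\357\273\277')
    for f in "$1" "$2"; do
        LC_ALL=C sed -e "1s/^$bom//" -e 's/[[:space:]]*$//' "$f" | awk 'NF'
    done > "$tmp"
    begins=$(grep -c '^-----BEGIN CERTIFICATE-----$' "$tmp" || true)
    ends=$(grep -c '^-----END CERTIFICATE-----$' "$tmp" || true)
    if [ "$begins" -lt 2 ] || [ "$begins" -ne "$ends" ]; then
        echo "bad bundle: $begins BEGIN / $ends END markers" >&2
        rm -f "$tmp"; return 1
    fi
    mv "$tmp" "$3"
}

# key_matches_cert BUNDLE.crt PRIVATE.key
# openssl x509 reads only the first PEM block, so a match also confirms the
# server certificate (not an intermediate) sits first in the bundle.
key_matches_cert() {
    local c k
    c=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    k=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$c" = "$k" ]
}

# Constructed sample: placeholder PEM blocks (not real certificates) saved the
# way Notepad might: BOM, CRLF line endings, no final newline.
demo() {
    local d rc
    d=$(mktemp -d) || return 1
    printf '\357\273\277%s\r\n%s\r\n%s' '-----BEGIN CERTIFICATE-----' AAAA \
        '-----END CERTIFICATE-----' > "$d/sslsky.com.crt"
    printf '%s\r\n' '-----BEGIN CERTIFICATE-----' BBBB \
        '-----END CERTIFICATE-----' > "$d/sslsky.com.ca"
    build_chain "$d/sslsky.com.crt" "$d/sslsky.com.ca" "$d/sslsky.com_chain.crt" &&
        cat "$d/sslsky.com_chain.crt"
    rc=$?; rm -rf "$d"; return "$rc"
}
```

With real files, source the script and run: build_chain sslsky.com.crt sslsky.com.ca sslsky.com_chain.crt && key_matches_cert sslsky.com_chain.crt sslsky.com.key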

2. Environment check. Use the following command to test whether nginx supports SSL:

nginx -V

If --with-http_ssl_module is displayed, nginx has been compiled with OpenSSL and supports SSL.

If it is not displayed, download the nginx source code and recompile it:

./configure --with-http_stub_status_module --with-http_ssl_module
make && make install

3. Configure Nginx

server {
    listen 80;
    listen 443 ssl;
    server_name www.sslsky.com;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); TLSv1.3 can be added if your nginx/OpenSSL build supports it
    ssl_protocols TLSv1.2;
    # Certificate file containing the certificate chain, prepared in step 1
    ssl_certificate /etc/ssl/sslsky.com_chain.crt;
    ssl_certificate_key /etc/ssl/sslsky.com.key;
    ssl_prefer_server_ciphers on;
    # Automatically redirect to HTTPS (optional)
    if ($server_port = 80) {
        rewrite ^(.*)$ https://$host$1 permanent;
    }
    location / {
        root /home/sslsky/;
        index index.php;
    }
}

The above configuration is for reference only. Please add other parameters according to the production environment needs.

4. Restart nginx after installation to make it take effect

CentOS 6:
service nginx restart

CentOS 7:
systemctl restart nginx

Troubleshooting:

If you use a CDN (accelerator), the certificate must also be installed on the CDN. Domestic free accelerators do not support HTTPS (Alibaba Cloud CDN is known to support it).

Check whether port 443 is enabled using the following command (if it is not enabled, check the configuration file or look for a port conflict):

netstat -apnt | grep 443

If port 443 is enabled but cannot be accessed, check that the firewall (or security dog) allows port 443.

Linux iptables uses the following command:

iptables -A INPUT -p tcp -m tcp --dport https -j ACCEPT