Alibaba cloud server adds an SSL certificate to the WordPress website and sets http to automatically jump to https

Posted by suspect_device on Tue, 23 Nov 2021 23:17:58 +0100

Add an SSL certificate to the WordPress website and set http to automatically jump to https

Download certificate to local

First, my certificate is an alicloud certificate. That is, the free certificate downloaded from this console. Of course, you can apply for it yourself. You'll end up with two files.

WordPress websites basically use nginx Web servers. So I chose to download the certificate required by nginx.

After downloading, these two files are what we need.

Upload certificate to server

The following is to upload the certificate to the server.

You can connect to the server through FileZilla software and upload files to / usr/local/nginx/conf/ssh/cert.

Note that if the cert directory does not exist, create this directory yourself.

Modify nginx configuration file

Generally speaking, it is to modify the nginx.conf file in the / usr/local/nginx/conf directory.

However, since we are a WordPress website, we will actually find a vhost directory under / usr/local/nginx/conf.

That is, there is a wordpress.conf file in the / usr/local/nginx/conf/vhost directory.

Download and open it. You can see the following:

server {
  listen 80;
  listen [::]:80;
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  ssl_certificate /usr/local/nginx/conf/ssl/www.example.com.crt;
  ssl_certificate_key /usr/local/nginx/conf/ssl/www.example.com.key;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
  ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
  ssl_prefer_server_ciphers on;
  ssl_session_timeout 10m;
  ssl_session_cache builtin:1000 shared:SSL:10m;
  ssl_buffer_size 1400;
  add_header Strict-Transport-Security max-age=15768000;
  ssl_stapling on;
  ssl_stapling_verify on;
  server_name _;
  access_log /data/wwwlogs/wordpress_nginx.log combined;
  index index.html index.htm index.php;
  root /data/wwwroot/wordpress;
  #if ($ssl_protocol = "") { return 301 https://$host$request_uri; }
  #if ($host != www.example.com) {  return 301 $scheme://www.example.com$request_uri;  }
  include /usr/local/nginx/conf/rewrite/wordpress.conf;
  #error_page 404 /404.html;
  #error_page 502 /502.html;
  
  location ~ [^/]\.php(/|$) {
    #fastcgi_pass remote_php_ip:9000;
    fastcgi_pass unix:/dev/shm/php-cgi.sock;
    fastcgi_index index.php;
    include fastcgi.conf;
  }

  location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
    expires 30d;
    access_log off;
  }
  location ~ .*\.(js|css)?$ {
    expires 7d;
    access_log off;
  }
  location ~ /(\.user\.ini|\.ht|\.git|\.svn|\.project|LICENSE|README\.md) {
    deny all;
  }
}

Well, we just need to modify it

ssl_certificate /usr/local/nginx/conf/ssl/www.example.com.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/www.example.com.key;

These two lines are enough. Modify it to the following (note that please use your own file name for the file name)

ssl_certificate /usr/local/nginx/conf/cert/Your file name.pem;  #You need to replace your file name. pem with the name of the certificate file you have uploaded.
ssl_certificate_key /usr/local/nginx/conf/cert/Your file name.key; #You need to replace your file name. Key with the name of the certificate key file you uploaded.

Set http jump to https

In fact, if your previous steps are the same as mine, and wordpress.conf is the same, you don't need to modify it.

If not, in fact, it is very simple to start the jump.

Add the following string to the server {} structure of wordpress.conf file.

rewrite ^(.*)$ https://$host$1; # Redirect all HTTP requests to HTTPS through the rewrite instruction.

Restart the Nginx service

Execute the following command

#Enter the executable directory of the Nginx service.
cd /usr/local/nginx/sbin  
#Reload the configuration file.
./nginx -s reload

If. / nginx -s reload is executed, an error of insufficient permission is reported.

Use sudo. / nginx - s reload

contact information

What questions can a subscriber have to contact me through the official account? Note when adding me wpssl

If you can't solve it by reading the article, you can help solve the problem.

Official account name: programming trip

Pay attention to the official account and get the contact information.

Friendship link (for advertising cooperation, please contact me)

Technical data integration

Integration of IT data

Java technology

Focus on front-end development

Programming world, focusing on all kinds of development

Focus on Python development

Professional photography knowledge, tourism photography sharing

IT information and technical knowledge

Blockchain

Car news

Entertainment pioneer

Programming knowledge

IT technology Stack

Traditional Chinese home

Topics: SSL http https

Programmer Think