Use https rather then http

Enable HTTPS on your website!

What I used:

Maybe you need to install nginx: Official Docs for Nginx

Before Enable HTTPS, you should install certbot on your machine(I use Ubuntu 16.04):

1
2
3
4
5
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot

After install certbot,let`s get your first certificate(a certificate (a type of file) from a Certificate Authority (CA)), Let’s Encrypt is a CA.

1
$ certbot certonly --standalone -d domain.com

Caution: using --standalone to get certificate will occupy 443 port! So I will stop my nginx.

Now you should configure the nginx in /etc/nginx/conf.d/default.conf:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
upstream jenkins {
server localhost:8080;
}
upstream pan {
server localhost:9000;
}

server {
listen 443;
server_name first.domain.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/first.hsocode.top/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/first.hsocode.top/privkey.pem;

location / {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header X_FORWARDED_PROTO https;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
}
server {
listen 443;
server_name second.domain.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/second.hsocode.top/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/second.hsocode.top/privkey.pem;

location / {
proxy_pass http://localhost:9000;
proxy_http_version 1.1;
proxy_set_header X_FORWARDED_PROTO https;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name first.domain.com;
rewrite ^(.*)$ https://${server_name}$1 permanent;
}

server {
listen 80;
server_name second.domain.com;
rewrite ^(.*)$ https://${server_name}$1 permanent;
}

Check you certificates:

1
$ certbot certificates

hsowan wechat
欢迎您扫一扫上面的微信公众号,订阅我的博客!