This article will guide you through the steps to install your SSL certificate on Nginx and to set up an automated redirect from HTTP:// to HTTPS://.
1. Upload the certificates to the server where your website is hosted
Having completed the CSR code generation and SSL activation steps, you will receive a zip file with the Sectigo (previously known as Comodo) Certificates via email. Alternatively, you can download them from your NiceNic Account panel.
Note: If you choose NGINX server when activating the certificate, you'll receive a zip file containing a Certificate file, with the '.crt' extension, and a Certificate Authority (CA) bundle file, with the '.ca-bundle' extension.
Upload both files to your server in whatever way you prefer, for example by using an FTP client.
You can also download the Bundle file for each Certificate by following the instructions here.
2. Combine all the certificates into a single file
You need to have all the Certificates (your_domain.crt and your_domain.ca-bundle) combined in a single '.crt' file.
The Certificate for your domain should come first in the file, followed by the chain of Certificates (CA Bundle).
Enter the directory where you uploaded the certificate files. Run the following command to combine the files:
$ cat your_domain.crt your_domain.ca-bundle >> your_domain_chain.crt
Please note that if the certificate files were downloaded from your NiceNic account, the best command to use will be:
$ cat your_domain.crt > your_domain_chain.crt ; echo >> your_domain_chain.crt ; cat your_domain.ca-bundle >> your_domain_chain.crt
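A structural check for the combined file, added here as an example and not part of the original guide. The function name check_chain is hypothetical. It catches an END and BEGIN marker glued onto one line when the first file has no trailing newline (the case the `echo` in the second command guards against), and duplicated certificates left behind when an appending `>>` command is run twice.

```bash
# Added example (not from the original guide): lint a combined chain file
# before pointing ssl_certificate at it. Pure text checks, no OpenSSL needed.
# check_chain FILE -> prints a verdict; returns 0 if sane, 1 if not, 2 if unreadable.
check_chain() {
    file=$1
    if [ ! -r "$file" ]; then
        echo "unreadable: $file"
        return 2
    fi

    # "-----END CERTIFICATE----------BEGIN CERTIFICATE-----" on one line means
    # the first file lacked a trailing newline and cat glued the two together.
    if grep -q -- '-----END CERTIFICATE-----.*-----BEGIN CERTIFICATE-----' "$file"; then
        echo "joined boundary: END and BEGIN markers share a line"
        return 1
    fi

    # Markers must sit alone on their lines (trailing CR/space tolerated).
    begins=$(grep -c -- '^-----BEGIN CERTIFICATE-----[[:space:]]*$' "$file" || true)
    ends=$(grep -c -- '^-----END CERTIFICATE-----[[:space:]]*$' "$file" || true)
    if [ "$begins" -ne "$ends" ]; then
        echo "unbalanced markers: $begins BEGIN, $ends END"
        return 1
    fi

    # Identical base64 bodies appear when an appending command was run twice.
    dupes=$(awk '/^-----BEGIN CERTIFICATE-----/ { body = ""; next }
                 /^-----END CERTIFICATE-----/   { if (seen[body]++) d++; next }
                 { body = body $0 }
                 END { print d + 0 }' "$file")
    if [ "$dupes" -gt 0 ]; then
        echo "duplicate certificates: $dupes repeated block(s)"
        return 1
    fi

    # A domain certificate plus a CA bundle gives at least two blocks.
    if [ "$begins" -lt 2 ]; then
        echo "only $begins certificate(s): CA bundle missing"
        return 1
    fi
    echo "ok: $begins certificates"
    return 0
}
```

Call it as `check_chain your_domain_chain.crt` in the directory from step 2. It does not verify that the domain certificate comes first; that requires parsing the certificates themselves.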
3. Creating a separate Nginx server block or editing the existing configuration file
To install the SSL certificate on Nginx, you need to show the server which files to use, either by a) creating a new configuration file, or b) editing the existing one.
a) By adding a new configuration file for the website you can make sure that there are no issues with the separate configuration file. Furthermore, it will be easier to troubleshoot the installation in case of any issues with the new configuration.
We suggest creating a new configuration file in this folder:
/etc/nginx/conf.d
That can be done via this command:
sudo nano /etc/nginx/conf.d/Your_domain*-ssl.conf
Where Your_domain*-ssl.conf is the name of the newly created file.
Next, copy and paste one of the server blocks for port 443 given below and edit the directories. Ensure the server name and path to webroot match in both the server block for port 80 and the one for port 443. If you have any other important values that need to be saved, move them to the newly created server block too.
b) Editing the default configuration file of the web server, which is named nginx.conf. It should be in one of these folders:
/usr/local/nginx/conf
/etc/nginx
/usr/local/etc/nginx
You can also use this command to find it:
sudo find / -type f -iname "nginx.conf"
Once you find it, open the file with:
sudo nano nginx.conf
Then copy and paste one of the server blocks for port 443 given below and edit the directories according to your server block for port 80 (with matching server name, path to webroot, and any important values you need). Alternatively, you can copy the server block for port 80, paste it below, update the port and add the necessary SSL-related directives.
Choose the server block:
Below you can find a server block for your Nginx version.
Note: To check your Nginx version, run this command:
sudo nginx -v
Note: Replace the file name values, like your_domain_chain.crt, in the server block with your details, and modify the routes to them using /path/to/.
Server block for Nginx version 1.14 and below:
server {
    listen 443;
    ssl on;
    ssl_certificate /path/to/certificate/your_domain_chain.crt;
    ssl_certificate_key /path/to/your_private.key;
    root /path/to/webroot;
    server_name your_domain.com;
}
Note: You can specify multiple hostnames in such configuration, if needed, e.g.:
server {
    listen 443;
    ssl on;
    ssl_certificate /path/to/certificate/your_domain_chain.crt;
    ssl_certificate_key /path/to/your_private.key;
    root /path/to/webroot;
    server_name your_domain.com www.your_domain.com;
}
Server block for Nginx version 1.15 and above:
server {
    listen 443 ssl;
    ssl_certificate /path/to/certificate/your_domain_chain.crt;
    ssl_certificate_key /path/to/your_private.key;
    root /path/to/webroot;
    server_name your_domain.com;
}
ssl_certificate should be pointed to the file with combined certificates you've created earlier.
ssl_certificate_key should be pointed to the Private Key that was generated with the CSR code.
Here are a few tips on how to find the Private key on Nginx.
Important: For either a Multi-Domain or a Wildcard Certificate, you'll need to have a separate server block added for each domain/subdomain included in the Certificate. Ensure you specify the domain/subdomain in question along with the paths to the same Certificate files in the server block, as described above.
Once the corresponding server block is added to the file, ensure you save the edits. Then, you can double-check the changes made with the following steps.
Run this command to verify that the configuration file syntax is ok:
sudo nginx -t
If you receive errors, double check that you followed the guide properly. Feel free to contact our Support Team if you have any questions.
Here's the tip: to find the error logs for troubleshooting, just run:
sudo nginx -T | grep 'error_log'
If none of the files mentioned exist, the entries are commented out, or no error log files are specified, check the default system log:
tail /var/log/nginx/error.log -n 20
If the server displays the test successfully, restart Nginx with this command to apply the changes:
sudo nginx -s reload
Now your SSL certificate is installed. You can check the installation here.
Important notes:
Sometimes, after installing an SSL file that was combined using a command line, you may receive the 'Nginx/Apache error: 0906D066:PEM routines:PEM_read_bio:bad end line' error message. In this case, the workaround can be found in the reference guide.
Another common issue at this stage is the 'Nginx SSL: error:0B080074:x509 certificate routines: X509_check_private_key:key values mismatch' error message. You can find more details on it and the possible ways out in this article.
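The 'key values mismatch' error can be checked for before reloading Nginx. The following is an added example, not part of the original guide; the function names are hypothetical and the file names are the placeholders used above. Because `openssl x509` reads only the first certificate in a PEM file, running it on the combined chain also reports a mismatch when the CA bundle was placed ahead of the domain certificate.

```bash
# Added example (not from the original guide): compare the public key inside
# the certificate with the public key derived from the private key.

# Public key (PEM) of the first certificate in FILE; fails if unreadable.
pubkey_of_cert() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# Public key (PEM) derived from a private key; works for RSA and EC keys.
# stdin is closed so an encrypted key fails instead of waiting for a passphrase.
pubkey_of_key() {
    openssl pkey -in "$1" -pubout 2>/dev/null </dev/null
}

# key_matches_cert CERT KEY
# returns 0 = pair matches, 1 = mismatch, 2 = a file could not be parsed.
key_matches_cert() {
    cert_pub=$(pubkey_of_cert "$1") || return 2
    key_pub=$(pubkey_of_key "$2") || return 2
    # Guard against two empty strings comparing equal.
    if [ -z "$cert_pub" ] || [ -z "$key_pub" ]; then
        return 2
    fi
    if [ "$cert_pub" = "$key_pub" ]; then
        return 0
    fi
    return 1
}

# Human-readable wrapper for use before `sudo nginx -t`.
report_pair() {
    rc=0
    key_matches_cert "$1" "$2" || rc=$?
    case $rc in
        0) echo "match: $2 belongs to the first certificate in $1" ;;
        1) echo "mismatch: check file order in $1 and which key made the CSR" ;;
        *) echo "unreadable: could not parse $1 or $2" ;;
    esac
    return "$rc"
}

# Example call with the placeholder names from this guide:
#   report_pair /path/to/certificate/your_domain_chain.crt /path/to/your_private.key
```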
4. Configure HTTPS redirect
We suggest that you install the redirect from HTTP to HTTPS. That way, your website visitors will only be able to access the secure version of your site.
To do this, you'll need to add one line to the configuration file with the server block for port 80.
Tips:
You can use one of the following commands to look up the configuration files which are enabled now:
sudo nginx -T | grep -iw "configuration file"
sudo nginx -T | grep -iw "include"
The default paths to the conf file are:
on RHEL-based Linux OS: /etc/nginx/conf.d/default.conf
on Debian-based Linux OS: /etc/nginx/sites-enabled/default
You can open the files to check which one contains the needed server block. For this, run:
sudo nano name_of_the_file
Once you find the file that contains the server block for port 80 (the default HTTP port), add in the following line:
return 301 https://$server_name$request_uri;
Note: The above redirect rule should be entered as the last line in the server block.