Website construction, domain name and certificate configuration

1. Purchase a cloud server

The same is true of where to buy cloud servers

Second, the server installation of various tools

With a server, we need to install the tools we need on the server, mainly the following

• nginx: It can be used as a static resource service, and can configure domain name, proxy, etc., or php, this is optional
• git: deployment updates generally use git
• yarn: used to yarn, npm can also
• node: npm package

3. Deploy the website

With a server, we can deploy our website

That is to deploy the website to a directory on the server, you can decide how to do it yourself, copy it manually, or use pm2, or docker, whatever you want

We deploy static resources to the /usr/share/nginx/html directory, which is the nginx static resource service

We can directly execute vim /etc/nginx/nginx.conf Open the nginx configuration file and take a look at the configuration

 server {
      listen       80 default_server;
      listen       [::]:80 default_server;
      # 静态资源目录
      root         /usr/share/nginx/html;

      # Load configuration files for the default server block.
      include /etc/nginx/default.d/*.conf;

      error_page 404 /404.html;
          location = /40x.html {
      }

      error_page 500 502 503 504 /50x.html;
          location = /50x.html {
      }
  }

After the static resources are deployed, you can access the website through ip

Note: If we are not deploying static resources, but a node service, then we do not need nginx/php services, just run the node service directly on the server, and then access the service through ip+port

In addition, the default server port may only open port 80. If you want to access services through other ports, you need to configure the inbound and outbound rules of the security group at the server operator, such as Baidu Cloud

4. Application for domain name and domain name filing

At present, we can only access the website through ip, so we need to apply for a domain name. You can buy a domain name anywhere, such as Tencent Cloud, Baidu Cloud, Alibaba Cloud, Huawei Cloud, etc.

After the domain name is successfully purchased, it is necessary to file the domain name. After the approval of the Ministry of Industry and Information Technology, the cloud server that is generally purchased is recorded there. It will take a few days for the record to pass the review. After the domain name is approved, it can be used.

Five, configure the domain name in the nginx service

After the domain name registration is approved, directly execute it in the service vim /etc/nginx/nginx.conf open the nginx configuration file configuration

 server {
      listen       80 default_server;
      listen       [::]:80 default_server;
      # 配置服务域名
      server_name  hstarx.cn;

      root         /usr/share/nginx/html;

      # Load configuration files for the default server block.
      include /etc/nginx/default.d/*.conf;

      error_page 404 /404.html;
          location = /40x.html {
      }

      error_page 500 502 503 504 /50x.html;
          location = /50x.html {
      }
  }

At this point, we can access the website through the domain name

6. Configure SSL certificate

At present, the domain name can only be accessed through http, and there is no security at all. We can apply for one at any service provider. Generally, it is free. I applied for it in Tencent Cloud.

SSL certificate installation tutorial: SSL certificate installation , Nginx certificate installation tutorial

The specific process of Nginx certificate installation is roughly as follows:

1. Download the certificate and upload the certificate to the server

   For example, I put the certificate in the /root/httpsCrt directory

    [root@lsgKTGIOfR httpsCrt]# pwd
   /root/httpsCrt
   [root@lsgKTGIOfR httpsCrt]# ls
   Apache  IIS  Nginx  Tomcat  www.hstarx.cn.csr  www.hstarx.cn.key  www.hstarx.cn.pem

2. Execute directly in the service vim /etc/nginx/nginx.conf Open the nginx configuration file to configure the certificate path, etc.

    #这是原来的
   server {
    listen       80 default_server;
    listen       [::]:80 default_server;
    server_name  hstarx.cn;
   
    root         /var/www/blog_hexo/;
   
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
   
    error_page 404 /404.html;
        location = /40x.html {
    }
   
    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }
   }
   
   # 这是新加的
   server {
    listen       443 ssl http2 default_server;
    listen       [::]:443 ssl http2 default_server;
    server_name  hstarx.cn;
    root         /var/www/blog_hexo/;
   
    ssl_certificate "/root/httpsCrt/Nginx/1_www.hstarx.cn_bundle.crt";
    ssl_certificate_key "/root/httpsCrt/Nginx/2_www.hstarx.cn.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  10m;
    ssl_ciphers PROFILE=SYSTEM;
    ssl_prefer_server_ciphers on;
   
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
   
    location / {
    }
   
    error_page 404 /404.html;
        location = /40x.html {
    }
   
    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }
   }

At this point, we can access our domain name through https

7. Other questions about domain name resolution

1. not accessible via www

   You need to add a DNS resolution record
   

2. Add a subdomain, similar to 1
3. You can also resolve different ips in this way (haven't tried it)
4. How to force http access to https access: nginx http forced to https