HTTPS (full name: Hyper Text Transfer Protocol over Secure Socket Layer) is an HTTP channel that aims at security. In short, it is the secure version of HTTP. That is to say, the SSL layer is added under HTTP. The security foundation of HTTPS is SSL, so the details of encryption need SSL.

Application certificate:
You can apply for free certificates from Alibaba Cloud and Tencent Cloud.

Installation certificate:
After downloading the certificate, you will see the following folders. We only need to use the. crt and. key files in nginx
 Nginx configures the certificate and adds https to the website
 Nginx configures the certificate and adds https to the website

View ngixn version and compilation parameters
/usr/local/nginx/sbin/nginx -V

If the ssl module is not installed, recompile and install the ssl module
./configure --prefix=/usr/local/nginx--with-http_stub_status_module --with-http_ssl_module --with-file-aio --with-http_realip_module

make Do not make install, or the installation will be overwritten
After making, there is another nginx in the objs directory. This is the new version of the program
Back up old nginx programs
cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
Overwrite the old nginx program with the new one
cp objs/nginx /usr/local/nginx/sbin/nginx
Test whether the new nginx program is correct
/usr/local/nginx/sbin/nginx -t

Modify nginx configuration file:
Upload the certificate to/usr/local/nginx/ssl. If you do not create an ssl folder yourself
Add the following code to the server module:

 listen       80; listen       443 ssl; server_name  www.51it.wang;  #The certificate (public key. sent to the client) server.crt represents the certificate name and suffix ssl_certificate /usr/local/nginx/ssl/www.51it.wang.crt; #Private key, server.key indicates the file name ssl_certificate_key /usr/local/nginx/ssl/www.51it.wang.key; ssl_session_cache    shared:SSL:1m; ssl_session_timeout  5m; #Enable more calculation modes ssl_ciphers  HIGH:! aNULL:! MD5; ssl_prefer_server_ciphers  on;

Both http and https can be accessed in the above configuration. To force https, join ssl on;

Reference article:
https://www.cnblogs.com/zhming26/p/6278667.html
https://blog.csdn.net/revitalizing/article/details/55271848