在Cloudflare創建ssl,然後在server 創建cert.pem/key.pem:
https://markontech.com/servers/configure-origin-cloudflare-ssl-with-nginx/
sudo nano /etc/pki/tls/certs/cert.pem
/etc/pki/tls/certs
/etc/ssl/pki/tls/certs/
listen 443 ssl http2;
Step 1. Register cloudflare account
Step 2. Rename the domain name server on alicloud domain setting from
ns7.alidns.com
ns8.alidns.com
to
irma.ns.cloudflare.com
nash.ns.cloudflare.com
Step 3. Generat a cert and key file on cloudflare.
Step 4. Add 443 port on alicould security group
Step 5. Create the ssl cert.pem and key.pem and paste the code from cloudflare ssl.
Step 6. Add 443 config to nano /etc/nginx/nginx.conf server part.
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate “/etc/pki/tls/certs/zhibocert.pem”;
ssl_certificate_key “/etc/ssl/private/zhibokey.pem”;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
Step 7. Restart the nginx.
