https證書配置 (nginx 、apache)
阿新 • • 發佈:2021-01-18
技術標籤:Linuxnginxhttpsnginxlinuxssl
申請證書
網址:https://freessl.cn/
- 填寫域名點選建立
- 按照生成的解析資訊,去域名解析平臺做解析
- 儲存到KeyManager (pc應用程式,需要下載,會有提示下載)
- 在KeyManager匯出域名證書檔案,可以匯出Nginx、Apache等各種型別的,按需匯出。
Nginx環境配置
nginx安裝目錄如下
1.建立目錄ssl
存放證書檔案
2.配置檔案,指向證書檔案位置
# http 重定向到 https
server {
listen 80;
root /home/www/songin.zhdingli.com;
index index.php index.html index.htm;
server_name songin.zhdingli.com;
server_tokens off;
#重定向到https
return 301 https://songin.zhdingli.com$request_uri;
}
# HTTPS 服務
server {
listen 443 ssl;
#https安全證書配置
ssl on;
ssl_certificate /etc/nginx/ssl/songin.zhdingli.com/cert.pem;
ssl_certificate_key /etc/nginx/ssl/songin.zhdingli.com/cert.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
#域名
server_name songin.zhdingli.com;
#訪問日誌
access_log /etc/nginx/logs/songin.zhdingli.com-ssl_access.log;
error_log /etc/nginx/logs/songin.zhdingli.com-ssl_error.log warn;
root /home/www/songin.zhdingli.com;
location / {
#root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
3.儲存配置後,重啟nginx
/etc/nginx/sbin/nginx -s reload