http => https 升級
阿新 • • 發佈:2018-07-24
see install server fast play cto 名稱 isa 默認
準備證書
- 阿裏雲安全(雲盾)-> CA證書服務,購買證書,個人測試的話可以使用免費的,期限1年。
- 購買證書後,把域名與證書進行綁定,提交審核,大概10分鐘左右,正常情況下審核就可以通過。證書準備完成。
安裝nginx
- apt-get update
- apt-get upgrade
- apt-get install nginx
- nginx -v
默認監聽80端口,輸入ip/域名(如果域名已解析)即可打開nginx默認的html頁面。
升級為https
制作測試站點
- 把自己的項目部署文件放到 /var/wwww/ 目錄下
- cd /etc/nginx/sites-available
- ls 可以看到nginx默認的配置,可以使用 vi default 編輯配置內容
- 拷貝一個:cp default wxzs.cn(一般以項目名稱命名)
-
vi wxzs.cn
`
server { listen 80; # SSL configuration # # listen 443 ssl default_server; # listen [::]:443 ssl default_server; # # SSL configuration # # listen 443 ssl default_server; # listen [::]:443 ssl default_server; # # Note: You should disable gzip for SSL traffic. # See: https://bugs.debian.org/773332 # # Read up on ssl_ciphers to ensure a secure configuration. # See: https://bugs.debian.org/765782 # # Self signed certs generated by the ssl-cert package # Don‘t use them in a production server! # # include snippets/snakeoil.conf; # 發布目錄 root /var/www/wxzs.cn; # Add index.php to the list if you are using PHP index index.html index.htm index.nginx-debian.html; # 服務名稱 server_name wxzs.cn; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; } # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # include snippets/fastcgi-php.conf; # # # With php7.0-cgi alone: # fastcgi_pass 127.0.0.1:9000; # # With php7.0-fpm: # fastcgi_pass unix:/run/php/php7.0-fpm.sock; #} # deny access to .htaccess files, if Apache‘s document root # concurs with nginx‘s one # #location ~ /\.ht { # deny all; #} }
`
- cd /etc/nginx/sites-enabled
- 執行 ll 可以是軟連接到/etc/nginx/sites-available
- ln -s /etc/nginx/sites-available/wxzs.cn .
此時
使用CA證書
- 從阿裏雲下載證書,並上傳到服務器
- cd /etc/nginx
-
mkdir cert 把證書放入該目錄中,並解壓
-
修改自己的站點配置:wxzs.cn ,當然一個配置中可以有多個server配置
`
server { listen 443; server_name wxzs.cn; ssl on; # 發布文件目錄 root /var/www/wxzs.cn; index index.html index.htm; ssl_certificate cert/214291297430106.pem; ssl_certificate_key cert/214291297430106.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { #root html; index index.html index.htm; } }
`
此時再輸入:https://域名 即可訪問了。
http => https 升級