Linux 新增HTTPS證書
阿新 • • 發佈:2019-01-30
之前的文章是linux 做反向代理!
現在繼續新增證書。
cd /etc/nginx/conf.d
輸入rz 回車上傳證書檔案
9358.com.crt
9358.com.key
需要編輯兩個檔案
vi 9358.conf
server{
listen 80;
server_name 9358.com;
#做301將http跳轉到https
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name 9358. vi www.9358.conf
配置如上,只是添加了www一項。
server{
listen 80;
server_name www.9358.com;
#做301將http跳轉到https
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name www.9358.com;
root html;
ssl on;
ssl_certificate /etc/nginx/conf.d/9358.com.crt;
ssl_certificate_key /etc/nginx/conf.d/9358.com.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://www.9358.com;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
#Proxy Settings
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_max_temp_file_size 0;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
#新增dns到/etc/resolv.conf 或者是/etc/hosts,讓其能夠解析到IP。具體步驟如下:
#vim /etc/hosts
#修改hosts檔案,在hosts檔案裡面加上一句
#127.0.0.1 localhost.localdomain x.fleaphp.net
access_log /var/log/nginx/www.9358.com.access.log main;
error_log /var/log/nginx/www.9358.com.error.log warn;
}
儲存即可,
檢視vi /etc/hosts 是否配置了這兩條域名。
有重啟 service nginx restart即可