1.购买申请证书

2.下载Nginx证书

3.在/etc/nginx/下新建cert目录,拷贝证书到该目录下

4.将证书文件重命名为便于识别的名字

5.修改Nginx配置文件,添加对443端口的监听

# Accept TLS connections on port 443 over IPv4 and IPv6. default_server makes
# the enclosing server block the fallback for 443 requests whose host name
# matches no other server block.
listen 443 ssl default_server;
listen [::]:443 ssl default_server;

# Certificate file and its private key, at the paths created in step 3.
# The .key file is the secret: keep it owned by root and not readable by
# other users (for example mode 600), and keep it out of any web root or
# version-controlled directory.
ssl_certificate /etc/nginx/cert/sslconfigure.pem;
ssl_certificate_key /etc/nginx/cert/sslconfigure.key;

6.测试配置是否正常:nginx -t

7.云服务器平台开启443端口

8.防火墙打开443端口:ufw allow 443

9.Nginx重新加载配置文件:nginx -s reload

10.测试:curl -I https://xxx.com

11.浏览器验证

12.将http重定向到https:rewrite ^(.*)$ https://$host$1;

# Backend pool that the proxy_pass directives in the 443 server block point at.
upstream my_server{
# Backend address (masked in this listing). The locations proxy to it with
# http://, so traffic between nginx and the backend is unencrypted; if the
# backend is on another host, keep port 8080 reachable only from this proxy.
server xxx.xx.xx.xx:8080;
# Upper bound on idle keepalive connections to the backend kept per worker.
# The nginx documentation states that HTTP upstream keepalive additionally
# needs proxy_http_version 1.1 and an empty Connection header in the proxying
# location; without them this setting has no effect.
# NOTE(review): 2000 idle connections per worker is large - confirm the
# backend's connection limit can absorb it.
keepalive 2000;
}

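# Plain-HTTP listener: serves no content, only redirects every request to the
# same host and URI over HTTPS.
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    # `return` is the idiomatic redirect: no regex is evaluated and
    # $request_uri keeps the path and query string exactly as the client
    # sent them. 301 marks the move as permanent and is cached by browsers;
    # use 302 while the HTTPS setup is still being tested.
    #
    # $host is derived from the request (request line or Host header), and
    # this is the default_server, so the redirect target follows whatever
    # host name the client supplied. To pin the target, replace $host with
    # the site's own name.
    return 301 https://$host$request_uri;
}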

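# HTTPS virtual host: terminates TLS on 443, serves a directory listing under
# /doc/ and forwards every other request to the my_server upstream.
server {
    # default_server: this block also answers 443 requests whose host name
    # matches no other server block, so the backend can receive arbitrary
    # client-chosen Host values.
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;

    root /var/www/html;

    index index.html index.htm index.nginx-debian.html;

    server_name qzwjer.top;

    # Certificate and private key. Keep the .key file owned by root and not
    # readable by other users (for example mode 600).
    ssl_certificate /etc/nginx/cert/sslconfigure.pem;
    ssl_certificate_key /etc/nginx/cert/sslconfigure.key;

    # State the accepted protocol versions explicitly: the built-in default
    # depends on the nginx version, and older releases still enable TLSv1
    # and TLSv1.1.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Optional, once HTTPS is confirmed working for every host name served
    # here (browsers will refuse plain HTTP for the max-age period):
    # add_header Strict-Transport-Security "max-age=31536000" always;

    # Single catch-all proxy location. The original listing had both
    # `location /` and `location ~ .*`; a regex location takes precedence over
    # a plain prefix match, so `location /` never handled a request, and its
    # try_files would have returned 404 for anything not present under root.
    # The headers below are the ones the effective (regex) location sent.
    location / {
        proxy_pass http://my_server;

        # Required for the upstream's `keepalive` setting to take effect.
        proxy_http_version 1.1;
        proxy_set_header Connection "";

        # $http_host is the client's Host header verbatim. The backend should
        # not build links, redirects or e-mail URLs from it without checking
        # it against its own list of valid names.
        proxy_set_header Host $http_host;
        # $remote_addr is the address nginx saw on the connection.
        # X-Forwarded-For is appended to whatever the client already sent, so
        # the backend should trust only the last entry, added by this proxy.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Lets the backend know the original request arrived over HTTPS.
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Browsable file listing. ^~ stops regex locations from being consulted
    # for URIs under /doc/.
    # NOTE(review): the alias points into root's home directory and autoindex
    # publishes a listing of everything under it to any client. Serving it
    # requires the worker processes to have access to /root. Prefer a
    # dedicated directory outside /root over loosening /root permissions or
    # running workers as root, and add access control (allow/deny or
    # auth_basic) if the files are not meant to be public.
    location ^~ /doc/ {
        alias /root/doc/;
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
        charset utf-8,gbk;
    }
}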