Linux Nginx 配置 SSL 证书

切到 Nginx 目录下

cd /etc/nginx

新建 cert 文件夹

mkdir cert

上传从颁发证书网站下载下来的 Nginx 专用的 .crt 和 .key 文件

# 切到本地证书所在目录
scp -r ./ root@host:/etc/nginx/cert/

配置 SSL 证书

# 监听 443 端口
listen 443;
server_name mazey.net;
root /web/path;
# ssl
ssl on;
ssl_certificate /etc/nginx/cert/1_mazey.net_bundle.crt;
ssl_certificate_key /etc/nginx/cert/2_mazey.net.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;

重定向 http 到 https

server {
    listen 80;
    server_name mazey.net;
    rewrite ^(.*)$ https://$host$1 permanent;
}

重启 Nginx

service nginx restart

注意

若配置完 SSL 证书以后网页无法访问,Nginx 重启也不报错,考虑是服务器防火墙 443 端口未开放,可使用 netstat -anp 查看。

tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      413322/nginx

1 Comment

  1. reviewer
    dellca
    七月 31, 2018

    Lee and Larry ƅeloved their sіxth birthday party.
    Although they have been twins, Mommy and Daddу all the time made positive they each haɗ a particulɑr time.
    And with their birthdays cⲟming in Dеcember, Mommy and Daddy additionally
    always made certain their birthdays had been spеcial though Christmas was proper aroᥙnd the corner.

    The party was so fun witһ a clown and cake and songs and wonderful presents from their
    pals and ցrandparеnts and սncle and aunts. It glided by
    so quіcқ however before thеy knew it, everyone had
    gone housе and it was time to scrᥙb up and ցet ready for ƅed.

    回复

发表评论

电子邮件地址不会被公开。 必填项已用*标注