一,准备工作
- 证书秘钥,推荐 Freessl
- Nginx 服务器
二,修改配置文件
1,ssl 配置文件 ssl.conf
server { listen 443 ssl; server_name yourdomain.com; # 项目路径 root /www/trunk; # 配证书的pem|key文件地址 ssl_certificate /etc/cert/yoursignature.pem; ssl_certificate_key /etc/cert/yoursignature.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; # Load configuration files for the default server block. # include /etc/nginx/default.d/*.conf; location / { root /www/trunk; index index.php index.html index.htm; } error_page 404 /404.html; location = /404.html { root /usr/share/nginx/html; } error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # location ~ \.php$ { root /www/trunk; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /www/trunk$fastcgi_script_name; include fastcgi_params; } # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # location ~ /\.ht { deny all; } }
2,修改 nginx 默认配置 default.conf
server { listen 80; server_name yourdomain.com; rewrite ^(.*)$ https://$host$1 permanent; }
三,重启 Nginx
systemctl restart nginx.service
欢迎来到这里!
我们正在构建一个小众社区,大家在这里相互信任,以平等 • 自由 • 奔放的价值观进行分享交流。最终,希望大家能够找到与自己志同道合的伙伴,共同成长。
注册 关于