Notes on Configuring SSL in Nginx

For how to obtain an SSL certificate, see the earlier article; this post only covers nginx.conf.

Find the configuration file path

[root@VM-12-5-centos ~]# nginx -t
nginx: the configuration file /www/server/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /www/server/nginx/conf/nginx.conf test is successful

Create the certificate directory

mkdir /www/wwwroot/ssl

Upload the certificate to the server

Use sftp, BT Panel (宝塔), an SSH tool, or similar, and upload the files to /www/wwwroot/ssl.

[root@VM-12-5-centos ~]# cd /www/wwwroot/ssl
[root@VM-12-5-centos ssl]# ls
7750907_zhenghaoxuan.com.key 7750907_zhenghaoxuan.com.pem

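SSL configuration

Edit nginx.conf under /www/server/nginx/conf/. There are many ways to do this: download the file and change it in an editor, or edit it in place with vi, nano, BT Panel, and so on.

Inside http{}, add a new server{} block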

server {
    listen 443 ssl; # listen on port 443; 443 is the default and can be changed
    server_name zhenghaoxuan.com; # domain name
    ssl_certificate /www/wwwroot/ssl/7750907_zhenghaoxuan.com.pem; # certificate location
    ssl_certificate_key /www/wwwroot/ssl/7750907_zhenghaoxuan.com.key; # private key location
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1.2 TLSv1.3; # TLS 1.0 and 1.1 are deprecated (RFC 8996); TLSv1.3 needs nginx 1.13.0+ with OpenSSL 1.1.1+
    ssl_prefer_server_ciphers on;
    location / {
        root /www/wwwroot/hexo/public; # path of the static files produced by the hexo build
        try_files $uri $uri/ /index.html;
    }
}

server {
    listen 80;
    server_name zhenghaoxuan.com;
    rewrite ^(.*)$ https://$host:443$1 permanent; # force port 80 to redirect to port 443
}

Validate the configuration file

[root@VM-12-5-centos ssl]# nginx -t
nginx: the configuration file /www/server/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /www/server/nginx/conf/nginx.conf test is successful

Reload the configuration

[root@VM-12-5-centos ssl]# nginx -s reload
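
A check for a config like the one above, added here as an example and not part of the original post: it reads the ssl_protocols and ssl_certificate_key directives from a config file, flags protocol versions deprecated by RFC 8996, and flags a private key that group or other users can access. The function names and the sample config and key file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit the TLS directives of an nginx config.
# Function names and the sample files below are constructed for illustration.

# Print every legacy protocol enabled by ssl_protocols in config file $1.
legacy_protocols() {
    sed 's/#.*//' "$1" |
        awk '$1 == "ssl_protocols" { for (i = 2; i <= NF; i++) { sub(/;$/, "", $i); print $i } }' |
        grep -E -x 'SSLv2|SSLv3|TLSv1|TLSv1\.1' | sort -u
}

# Print the first ssl_certificate_key path found in config file $1.
key_path() {
    sed 's/#.*//' "$1" |
        awk '$1 == "ssl_certificate_key" { sub(/;$/, "", $2); print $2; exit }'
}

# Succeed only if $1 is a regular file with no group/other permission bits set.
key_is_private() {
    [ -f "$1" ] && [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Print one WARN line per finding for config file $1.
audit_tls() {
    for proto in $(legacy_protocols "$1"); do
        echo "WARN: ssl_protocols enables deprecated $proto"
    done
    key=$(key_path "$1")
    if [ -n "$key" ] && ! key_is_private "$key"; then
        echo "WARN: key $key is missing or accessible to group/others"
    fi
}

# Constructed sample: a config with legacy protocols and a key left at mode 644.
demo=$(mktemp -d)
printf 'dummy key material\n' > "$demo/site.key"
chmod 644 "$demo/site.key"
cat > "$demo/nginx.conf" <<EOF
server {
    listen 443 ssl;
    ssl_certificate_key $demo/site.key; # private key
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
EOF
audit_tls "$demo/nginx.conf"   # reports TLSv1, TLSv1.1 and the key mode
chmod 600 "$demo/site.key"
audit_tls "$demo/nginx.conf"   # now reports only the two protocol findings
```

On the server, the same function can be pointed at /www/server/nginx/conf/nginx.conf; the comment stripping is a simple `#` cut and does not handle `#` inside quoted values.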

Done