CentOS 7.4nginx配置SSL

一、在/etc/nginx/conf.d目录下创建虚拟主机配置文件

server {
    listen       80;
    server_name  www.xx.com xx.com;
    return 301 https://$server_name$request_uri;
}
server { 
       listen       443; 
       server_name  www.xx.com xx.com; 
       ssl                  on; 
       ssl_certificate      /www/xx.com/ssl/xx.com-ca-bundle.crt;
       ssl_certificate_key      /www/xx.com/ssl/xx.com.key;
       ssl_session_timeout  5m; 
       ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
       ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;

       ssl_prefer_server_ciphers   on; 
       location / { 
           root   /www/xx.com/www/www; 
           index  index.html index.htm; 
       } 
}

 二、查看443端口是否打开

　　firewall-cmd --zone=public --list-ports

三、如果没有打开增加443端口

　　firewall-cmd --zone=public --add-port=443/tcp --permanent

四、重新载入防火墙

　　firewall-cmd --reload