Fork me on GitHub

https证书

准备证书

  • 阿里云安全(云盾)-> CA证书服务,购买证书,个人测试的话可以使用免费的,期限1年。
  • 购买证书后,把域名与证书进行绑定,提交审核,大概10分钟左右,正常情况下审核就可以通过。证书准备完成。

安装nginx

  • apt-get update
  • apt-get upgrade
  • apt-get install nginx
  • nginx -v

默认监听80端口,输入ip/域名(如果域名已解析)即可打开nginx默认的html页面。

升级为https

制作测试站点

  • 把自己的项目部署文件放到 /var/wwww/ 目录下
  • cd /etc/nginx/sites-available
  • ls 可以看到nginx默认的配置,可以使用 vi default 编辑配置内容
  • 拷贝一个:cp default wxzs.cn(一般以项目名称命名)
  • vi wxzs.cn

    `

    server {
        listen 80;
    
        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;
        # 发布目录
        root /var/www/wxzs.cn;
    
        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;
        # 服务名称
        server_name wxzs.cn;
    
        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }
    
        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #       include snippets/fastcgi-php.conf;
        #
        #       # With php7.0-cgi alone:
        #       fastcgi_pass 127.0.0.1:9000;
        #       # With php7.0-fpm:
        #       fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        #}
    
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}
    }   
    

    `

  • cd /etc/nginx/sites-enabled
  • 执行 ll 可以是软连接到/etc/nginx/sites-available
  • ln -s /etc/nginx/sites-available/wxzs.cn .

此时

使用CA证书

  • 从阿里云下载证书,并上传到服务器
  • cd /etc/nginx
  • mkdir cert 把证书放入该目录中,并解压

  • 修改自己的站点配置:wxzs.cn ,当然一个配置中可以有多个server配置

    `

    server {
        listen 443;
        server_name wxzs.cn;
        ssl on;
        # 发布文件目录
        root /var/www/wxzs.cn; 
        index index.html index.htm;
        ssl_certificate   cert/214291297430106.pem;
        ssl_certificate_key  cert/214291297430106.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        location / {
            #root html;
            index index.html index.htm;
        }
    }
    

    `

此时再输入:https://域名 即可访问了。

posted @ 2017-10-12 21:45  迁梦余光  阅读(191)  评论(0编辑  收藏  举报