阿里云Nginx配置ssl证书-http转https

一、购买下载证书

二、将下载的证书上传到服务器

1、服务器根目录新增文件夹cert

cd /etc/nginx/

mkdir cert

2、本地证书上传到服务器

scp 证书地址/证书文件 root@服务器地址:/nginx根目录/cert/

 

三、更改nginx配置文件

vim /etc/nginx/conf.d/default.conf
server {
        listen 80;
        listen [::]:80;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.php index.html index.htm index.nginx-debian.html;

        server_name 域名地址;

        #将 http 重定向 https
        return 301 https://$server_name$request_uri;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ /index.php?$query_string;
        }

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
                try_files $uri /index.php =404;
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}

}


#https
server {
        listen 443;
        server_name 域名地址;
        ssl on;
        root /var/www/html;
        index index.php index.html index.htm;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ /index.php?$query_string;
        }

        location ~ \.php$ {
                try_files $uri /index.php =404;
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
        }

        # ssl证书地址
        ssl_certificate     /etc/nginx/cert/证书名称.pem;  # pem文件的路径
        ssl_certificate_key  /etc/nginx/cert/证书名称.key; # key文件的路径

        # ssl验证相关配置
        ssl_session_timeout  5m;    #缓存有效期
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;    #加密算法
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;    #安全链接可选的加密协议
        ssl_prefer_server_ciphers on;   #使用服务器端的首选算法

}
重启nginx
service nginx restart

 

四、设置安全组

1、阿里云控制台->云服务器ECS->网络与安全->安全组

posted @ 2020-08-20 15:07  暮雨浅忆  阅读(3608)  评论(0编辑  收藏  举报