nginx使用ssl模块配置支持HTTPS访问,腾讯云申请免费证书

开始我尝试用 let's encrypt 让http 变 https

官方:https://github.com/certbot/certbot

参考:https://www.cnblogs.com/cool-fire/p/8205911.html

这个因本人太笨,没配置成功,转用腾讯大大平台的免费ssl,见以下:

 

 

阿里云服务器,腾讯云ssl配置步骤及遇到的问题:

1.阿里云服务器SSL开443端口

登录 =》云服务器ECS=》相应的服务器点 管理 =》左侧点 本实例安全组 =》安全组列表 点右侧的 配置规则 =》 在公网入 点添加安全组规则,完成如下:

2.在腾讯云注册个免费证书(搜索证书直达) 

  

3.Nginx配置SSL报错 nginx: [emerg] unknown directive "ssl"

要重新安装nginx 并配置

https://blog.csdn.net/weiyangdong/article/details/80008543

http://www.cnblogs.com/saneri/p/5391821.html

 

4.nginx在reload时候报错invalid PID number

https://www.cnblogs.com/tielemao/p/6163419.html

 

5.重启nginx  我后来重启服务器后成功

 

截图记录一下

 

6.nginx 配置端口以https访问

server {
    listen       80;
    server_name  www.yourdomain.com yourdomain.com;
    root /alidata/www/apiShop2;
    
    set $node_port 8360;

    index index.js index.html index.htm;
    
    if ( -f $request_filename/index.html ){
        rewrite (.*) $1/index.html break;
    }
    if ( !-f $request_filename ){
        rewrite (.*) /index.js;
    }
    location = /index.js {
        proxy_http_version 1.1;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass http://127.0.0.1:$node_port$request_uri;
        proxy_redirect off;
    }

    location ~ /static/ {
        etag         on;
        expires      max;
    }
}

server {
    listen 443;
    server_name  www.yourdomain.com yourdomain.com; #填写绑定证书的域名
    ssl on;
    ssl_certificate 1_www.yourdomain.com_bundle.crt;
    ssl_certificate_key 2_www.yourdomain.com.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置
    ssl_prefer_server_ciphers on;
    location / {
        root /alidata/www/apiShop2; #站点目录
        set $node_port 8360;
        index  index.html index.htm;
        
        if ( -f $request_filename/index.html ){
            rewrite (.*) $1/index.html break;
        }
        if ( !-f $request_filename ){
            rewrite (.*) /index.js;
        }
        location = /index.js {
            proxy_http_version 1.1;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_pass http://127.0.0.1:$node_port$request_uri;
            proxy_redirect off;
        }

        location ~ /static/ {
            etag         on;
            expires      max;
        }
    }
}

以上nginx 达到http 和 https 和 ip:8360 三个同时访问

当然可在nginx 加行配置把http 自动跳转到 https 大都这样做的

 

posted @ 2019-01-23 17:13  James2019  阅读(904)  评论(0编辑  收藏  举报