一.购买免费SSL证书
阿里云免费证书地址:https://common-buy.aliyun.com/?spm=5176.7968328.1266638..75b21232sD0tt0&commodityCode=cas#/buy
二.配置nginx
1.将下载的证书上传到/cert/nginx/目录下
2.修改/usr/local/nginx/conf/nginx.conf
需要开启443端口及配置证书,增加第3行、第13-22行到你的server中去,参考样例如下
server {
listen 80;
listen 443 ssl;
server_name www.wssaa.com;
location / {
proxy_pass http://wssaa;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# 配置ssl
ssl_certificate /cert/nginx/www.wssaa.com.crt;
ssl_certificate_key /cert/nginx/www.wssaa.com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
}
上面配置里证书文件名称改为你自己的。crt文件跟pem文件通用,www.wssaa.com.crt等价于www.wssaa.com.pem
三.重启nginx
效验nginx.conf配置文件
/usr/local/nginx/sbin/nginx -t
效验通过,重启nginx
/usr/local/nginx/sbin/nginx -s reload