本文简明扼要介绍http单站点转https方法:
1、申请CA证书
登录阿里云控制台,进入CA证书服务,申请证书
申请成功后,下载证书到本地,证书中有.key和.pem两个文件;
2、正在nginx安装目录下面的conf中新建cert目录,将下载的证书放到cert中
3、打开站点文件,将80端口转向至https
server{
listen 80;
server_name www.topsky.shop;
rewrite ^(.*)$ https://$host$1 permanent;
}
监听443端口,开启ssl
server
{
listen 443;
#listen [::]:80;
server_name www.topsky.shop;
ssl on;
index index.html index.htm index.php default.html default.htm default.php;
root /www/webroot/topsky.shop;
ssl_certificate ../cert/214270003520198.pem;
ssl_certificate_key ../cert/214270003520198.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
include other.conf;
#error_page 404 /404.html;
include enable-php-pathinfo.conf;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /\.
{
deny all;
}
access_log /home/wwwlogs/www.topsky.shop.log;
}
4、重启lnmp即是实现http转https
lnmp restart;