今天给自己的博客申请了证书顺便用上写下安装过程,虽然并不曲折。。。
具体的申请方法我就不说了。反正你手里要有1_xxx.xxxxx.xxx_bundle.crt和2_xxx.xxxxx.xxx.key两个文件,然后说具体的配置
将两个上传至服务器
编辑你自己站点的Nginx服务配置文件xxx.conf (通常在、/etc/nginx/conf.d目录下)
以我的为例:mysite.conf
server {
listen 80; #端口号
server_name www.htblog.cc; # 域名
charset utf-8;
access_log /var/log/nginx/mysite.access.log main;
error_log /var/log/nginx/mysite.error.log warn;
rewrite ^(.*) https://$host$1 permanent;#产生http请求后重定向到https
location / {
root /var/www/mysite;
index index.html index.htm;
include uwsgi_params;
uwsgi_pass 127.0.0.1:5000;
uwsgi_param UWSGI_PYHOME /var/www/mysite_env;
uwsgi_param UWSGI_CHDIR /var/www/mysite;
uwsgi_param PYTHONPATH /var/www/mysite;
uwsgi_param UWSGI_MODULE run;
uwsgi_param UWSGI_CALLABLE app;
}
}
#加证书配置
server {
listen 443;
server_name www.htblog.cc;
charset utf-8;
ssl on;
access_log /var/log/nginx/mysite.access.log main;
error_log /var/log/nginx/mysite.error.log warn;
listen 443;
server_name www.htblog.cc;
charset utf-8;
ssl on;
ssl_certificate 1_www.htblog.cc_bundle.crt;
ssl_certificate_key 2_www.htblog.cc.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/mysite.access.log main;
error_log /var/log/nginx/mysite.error.log warn;
location / {
root /var/www/mysite;
index index.html index.htm;
include uwsgi_params;
uwsgi_pass 127.0.0.1:5000;
uwsgi_param UWSGI_PYHOME /var/www/mysite_env;
uwsgi_param UWSGI_CHDIR /var/www/mysite;
uwsgi_param PYTHONPATH /var/www/mysite;
uwsgi_param UWSGI_MODULE run;
uwsgi_param UWSGI_CALLABLE app;
配置完后保存退出
用命令测试下。如果成功重启Nginx服务就可以了
nginx -t -c /etc/nginx/nginx.conf