操作步骤
步骤1:登录阿里后台 –> 证书服务 –> 点击购买证书(像商品购买)
步骤2:购买后按提示绑定域名,提交等待审核(一般20分钟左右)
步骤3:审核通过后,在我的证书订单列表中点击下载,进入选择下载对应不同服务器类型(apache, nginx, iss…)的证书文件(.pem, .key)
步骤4:按提示的配置信息,上传刚下载的两个证书文件到服务器,并配置nginx.conf
步骤5:nginx.conf 配置文件中添加:注要监听443 商品
配置文件:
server {
# 监听443 端口
listen 443;
server_name www.xxx.com xxx.com;
ssl on;
# root html;
# index index.html index.htm;
# 证书路径
ssl_certificate /alidata/server/nginx-1.4.4/conf/cert/214134739980111.pem;
# 私钥路径
ssl_certificate_key /alidata/server/nginx-1.4.4/conf/cert/214134739980111.key;
# 缓存有效期
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
# 安全链接可选的加密协议
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
# 自定义部分, 注释了模板上面的二行
index index.html index.htm index.php;
root /alidata/www/www.xxx.com;
error_page 404 /404.html;
location ~ .*\.(php|php5)?$
{
#fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 1h;
}
# rewrite, log
include /alidata/server/nginx/conf/rewrite/www.xxx.com.conf;
access_log /alidata/log/nginx/access/www.xxx.com.log;
}
步骤6: 重启服务: /etc/init.d/nginx restart