-
在购买域名的地方申请SSL 证书 ,(免费版也可以)
-
-
申请域名购买的证书只能申请的域名使用
-
下载SSL证书文件到本地
-
将SSL证书配置到服务器对应位置,此处为宝塔安装环境下的证书放置位置
-
-
在/www/server/nginx/conf/vhost 下创建这个域名的访问配置文件
server
{
listen 443;
server_name shopping.ylthyr.com;
ssl on;
index index.html index.htm index.php;
root /www/wwwroot/你的项目运行目录地址;
ssl_certificate /www/server/panel/vhost/cert/你的SSL证书地址/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/证书KEY地址/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
#error_page 404 /404.html;
include enable-php.conf;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /\.
{
deny all;
}
location / {
try_files $uri $uri/ /index.php?$query_string;
}
access_log /www/wwwlogs/access.log;
}
server {
#http 访问转换为https 访问
listen 80;
server_name shopping.ylthyr.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#最早支持的写法
#rewrite ^(.*)$ https://$host$1 permanent;
return 301 https://$host$request_uri; #这是nginx最新支持的写法
}
- 重启服务器
- 将域名换为https进行访问