第一步:申请ssl证书——一般域名注册商都会提供免费证书申请
第二步:上传到服务器
第三步:配置nginx.conf文件
conf内Server 配置案例如下:
server {
listen 80;
listen 443 ssl http2;
ssl on ; ##开启ssl
ssl_certificate **crt文件路径**;
ssl_certificate_key **key文件路径**;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_buffer_size 1400;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
server_name **域名**
access_log off;
index index.html index.htm index.jsp;
root 项目访问路径;
if ($host != **域名**) { return 301 $scheme:// **域名** $request_uri; }
#error_page 404 /404.html;
#error_page 502 /502.html;
location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv|mp4)$ {
valid_referers none blocked **域名**;
if ($invalid_referer) {
return 403;
}
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
expires 30d;
access_log off;
}
location ~ .*\.(js|css)?$ {
expires 7d;
access_log off;
}
location ~ /\.ht {
deny all;
}
location ~ {
proxy_pass http://127.0.0.1:8080;
include proxy.conf;
}
}