1. 阿里云下载免费的证书CA证书
有个审核得等一会,我的已经申请好了,直接点击下载,有*.pem和*.key两个证书,然后把这两个证书拷到linux服务器上,我用的是centos7.放在nginx的conf配置里面,可以建一个文件夹cert
2. 配置nginx
server {
listen 443 ssl;
server_name www.gouhui.tech default_server; #1
ssl_certificate cert/server.pem; #2
ssl_certificate_key cert/server.key; #3
ssl_session_cacheshared:SSL:1m;
ssl_session_timeout5m;
ssl_ciphersECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocolsTLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_cipherson;
#解析php文件
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
include fastcgi_params;
}
}
#重定向到ssl(443)
server{
listen80;
server_name www.gouhui.tech;
rewrite^(.*) https://www.gouhui.tech;
}
4.重启nginx,访问……