Preface
- CentOS Linux release 8.2.2004 (Core)
- nginx 1.15
Configuring SSL
server {
    listen 80;
    listen 443 ssl;
    server_name xxx.com;
    ssl_certificate /usr/local/phpstudy/vhost/nginx/ssl/20210709_xxx.com.pem;
    ssl_certificate_key /usr/local/phpstudy/vhost/nginx/ssl/20210709_xxx.com.key;
    # Force SSL
    if ($https != 'on') {
        rewrite ^(.*)$ https://$host$1 redirect;
        break;
    }
    ...
}
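listen 443 ssl;
    Listens on the SSL port, 443.
ssl_certificate /usr/local/phpstudy/vhost/nginx/ssl/20210709_xxx.com.pem;
    The digital certificate, which contains the public key. Files in .pem, .cer, .crt, or .der format are all acceptable.
ssl_certificate_key /usr/local/phpstudy/vhost/nginx/ssl/20210709_xxx.com.key;
    The private key.
$https
    "on" if the current request is an HTTPS request; otherwise an empty string.
$https != 'on'
    A conditional expression that is true when the current request is not an HTTPS request.
rewrite ^(.*)$ https://$host$1 redirect;
    Redirects (302) to the https version of the requested URL.
break;
    Meaning: "Stops processing the current set of ngx_http_rewrite_module directives."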
Configuring port 80 and port 443 in separate server blocks
Configuration for port 80
server {
    listen 80;
    server_name xxx.com;
    # Force SSL
    rewrite ^(.*)$ https://$host$1 permanent;
}
Configuration for port 443
server {
    listen 443 ssl;
    server_name xxx.com;
    ssl_certificate /usr/local/phpstudy/vhost/nginx/ssl/20210709_xxx.com.pem;
    ssl_certificate_key /usr/local/phpstudy/vhost/nginx/ssl/20210709_xxx.com.key;
    ...
}
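The two layouts above differ in one detail that is easy to get wrong: a server block that listens on both 80 and 443 needs the $https guard around its rewrite, while a port-80-only block does not. The following check is an added example, not part of the original post; the function names audit and server_blocks, the sample text and the host plain.example are assumptions made for illustration, and the parser assumes no braces inside quoted strings or regexes.

```python
import re

# Constructed sample modelled on the page's two layouts, plus one block
# (plain.example, hypothetical) that serves HTTP with no redirect at all.
SAMPLE = r"""
server {
    listen 80;
    listen 443 ssl;
    server_name xxx.com;
    if ($https != 'on') {
        rewrite ^(.*)$ https://$host$1 redirect;
        break;
    }
}
server {
    listen 80;
    server_name xxx.com;
    rewrite ^(.*)$ https://$host$1 permanent;
}
server { listen 80; server_name plain.example; }
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block, found by brace matching."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit(conf):
    """Return one finding per server block: is plain HTTP sent to HTTPS?"""
    conf = re.sub(r"(?m)^\s*#.*$", "", conf)  # drop whole-line comments
    out = []
    for body in server_blocks(conf):
        listens = [l.split() for l in re.findall(r"\blisten\s+([^;]+);", body)]
        plain = any("ssl" not in l for l in listens)
        tls = any("ssl" in l for l in listens)
        rw = re.search(r"\brewrite\s+\S+\s+https://\S+\s+(redirect|permanent)\s*;", body)
        guarded = bool(re.search(r"\bif\s*\(\s*\$https\s*!=\s*'on'\s*\)", body))
        status = {"redirect": 302, "permanent": 301}[rw.group(1)] if rw else None
        # Mixed 80+443 blocks need the $https guard or HTTPS requests loop.
        forced = rw is not None and (guarded or not tls)
        out.append({"plain_http": plain, "status": status, "forced": forced or not plain})
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A block reported with "forced": False either answers plain HTTP without redirecting, or redirects unconditionally in a block that also serves HTTPS.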
References
http://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#example