获取证书及配置cron刷新证书任务参见:Linux + Tomcat 使用 https
Nginx配置
进入配置文件
vi /usr/local/nginx/conf/nginx.conf
取消注释
server {
listen 443 ssl;
server_name <yourServerName>;
ssl_certificate /etc/letsencrypt/live/<yourServerName>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<yourServerName>/privkey.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
配置http重定向到https
server {
listen 80;#这里也可能是其他端口,不影响
server_name <yourServerName>;
#配置跳转到443
return 301 https://$server_name$request_uri;
}
重新启动nginx
kill $(ps axu|grep nginx|awk '{print $2}')
/usr/local/nginx/sbin/nginx
至此,外部访问使用https已经完成了。