一:购买阿里云SSL免费服务
购买成功后提交审核,并且绑定域名,最后下载证书文件(.pem 证书和 .key 私钥)。私钥相当于站点的身份凭据,下载后不要通过聊天工具、邮件或代码仓库传播。
二:配置nginx
参考阿里云帮助文档:
在nginx中配置ssl
1. 进入nginx目录,cd /usr/local/nginx/conf
2. 创建cert文件夹,mkdir cert,把下载下来的证书(.pem)和私钥(.key)上传到该文件夹中。私钥文件建议只允许 root 读取,例如 chmod 600 cert/a.key。
3. 更改nginx.conf文件
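# Worker processes handle all untrusted request data, so they run under an
# unprivileged account instead of root. When nginx is started by root, the
# master process still binds ports 80/443 and reads the private key before the
# workers drop privileges.
# The static root (/usr/local/tomcat/cnds/yui-ui) must be readable by this user.
user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;

events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections 1024;
}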
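http {
    #ssi on;
    #ssi_silent_errors on;
    #ssi_types text/shtml;

    include mime.types;
    default_type application/octet-stream;

    # Request size and timeout limits inherited by both servers below.
    client_max_body_size 50m;
    client_header_timeout 1m;
    client_body_timeout 1m;
    proxy_connect_timeout 60s;
    proxy_read_timeout 1m;
    proxy_send_timeout 1m;

    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    # '$status $body_bytes_sent "$http_referer" '
    # '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log logs/access.log main;

    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    #gzip on;

    # Do not advertise the exact nginx version in response headers and error pages.
    server_tokens off;

    # Plain-HTTP server.
    # NOTE(review): every path, including the proxied back ends, is still
    # reachable in cleartext through this server. Once HTTPS is confirmed
    # working for all clients, the usual hardening is to replace the locations
    # below with a single redirect:
    #     return 301 https://$host$request_uri;
    server {
        listen 80;
        server_name yui.com;
        #charset koi8-r;
        #access_log logs/host.access.log main;

        location / {
            root /usr/local/tomcat/cnds/yui-ui;
            index index.html;

            #location ~ .*\.(jpg|jpeg|gif|png|swf|htm|html|json|xml|svg|woff|ttf|eot|map|ico)$ {
            # expires 10d;
            #}
            #location ~ .*\.(js|css)?$ {
            # expires 1h;
            #}

            # Static assets: stop rewrite processing when the file exists on disk.
            location ~* \.(css|js|jpg|jpeg|gif|png|swf|htm|html|json|xml|svg|woff|ttf|eot|map|ico)$ {
                if (-f $request_filename) {
                    break;
                }
            }

            # Headers passed to the back ends; inherited by the nested proxy locations.
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-NginX-Proxy true;

            # Prefix routes to the local back-end services.
            location ^~/sys {
                proxy_pass http://127.0.0.1:8802;
            }
            location ^~/general {
                proxy_pass http://127.0.0.1:8804;
            }
            location ^~/wxMp {
                proxy_pass http://127.0.0.1:8808;
            }
            location ^~/wxMa {
                proxy_pass http://127.0.0.1:8808;
            }
            location ^~/sched {
                proxy_pass http://127.0.0.1:8806;
            }
            location ^~/ds {
                proxy_pass http://127.0.0.1:8832;
            }
            location ^~/act {
                proxy_pass http://127.0.0.1:8814;
            }
        }

        #error_page 404 /404.html;
        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }

    # HTTPS server.
    server {
        # The "ssl" parameter on listen enables TLS for this socket. The
        # separate "ssl on;" directive was deprecated in nginx 1.15.0 and
        # removed in 1.25.1, so it is not used here.
        listen 443 ssl default_server;
        server_name yui.com;
        #root /usr/local/tomcat/cnds/yui-ui;
        #index index.html;

        # Relative paths are resolved against the directory holding nginx.conf.
        # The key file should be readable by root only.
        ssl_certificate cert/a.pem;
        ssl_certificate_key cert/a.key;
        ssl_session_timeout 5m;

        # TLS 1.0 and 1.1 are deprecated and no longer offered. TLSv1.3 can be
        # appended where the nginx/OpenSSL build supports it.
        ssl_protocols TLSv1.2;

        # Forward-secret AEAD suites only; the previous list also admitted CBC
        # and static-key exchanges through the broad ECDH/AES/HIGH aliases.
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
        ssl_prefer_server_ciphers on;

        location / {
            root /usr/local/tomcat/cnds/yui-ui;
            index index.html;

            # Static assets: stop rewrite processing when the file exists on disk.
            location ~* \.(css|js|jpg|jpeg|gif|png|swf|htm|html|json|xml|svg|woff|ttf|eot|map|ico)$ {
                if (-f $request_filename) {
                    break;
                }
            }

            # $http_host is the Host header exactly as the client sent it. This
            # is the default server for port 443, so back ends can receive
            # arbitrary Host values and should not base links or access
            # decisions on it.
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-NginX-Proxy true;

            # Prefix routes to the local back-end services.
            location ^~/sys {
                proxy_pass http://127.0.0.1:8802;
            }
            location ^~/general {
                proxy_pass http://127.0.0.1:8804;
            }
            location ^~/wxMp {
                proxy_pass http://127.0.0.1:8808;
            }
            location ^~/wxMa {
                proxy_pass http://127.0.0.1:8808;
            }
            location ^~/sched {
                proxy_pass http://127.0.0.1:8806;
            }
            location ^~/ds {
                proxy_pass http://127.0.0.1:8832;
            }
            location ^~/act {
                proxy_pass http://127.0.0.1:8814;
            }
        }
    }
}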
重启nginx
三:nginx安装SSL服务
重启nginx可能遇到错误
nginx: [emerg] unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf:1
这个时候nginx需要进行安装SSL服务,
以下代码来自博客转发:
https://blog.csdn.net/weiyangdong/article/details/80008543
出现如图所示错误,处理办法如下
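1. 去nginx解压目录下执行(建议先用 /usr/local/nginx/sbin/nginx -V 查看原来的 configure 参数,并在原参数后面追加 --with-http_ssl_module,否则原有的模块和路径设置会丢失)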
./configure --with-http_ssl_module
2. 如果报错 ./configure: error: SSL modules require the OpenSSL library.则执行
yum -y install openssl openssl-devel
./configure
./configure --with-http_ssl_module
3. 执行 make
(切记不能执行 make install,否则会覆盖安装目录)
4. 将原来 nginx 备份
cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
5. 将新的 nginx 覆盖旧安装目录
cp objs/nginx /usr/local/nginx/sbin/nginx
如果报错,执行 cp -rfp objs/nginx /usr/local/nginx/sbin/nginx
6. 测试 nginx 是否正确
/usr/local/nginx/sbin/nginx -t
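如图最后是测试成功的。之前遇到一个错误是我的SSL证书路径有错,修改后测试通过。注意 ssl_certificate 和 ssl_certificate_key 的相对路径是相对于 nginx.conf 所在的 conf 目录解析的,即 cert/a.pem 对应 /usr/local/nginx/conf/cert/a.pem。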