1.阿里云购买的域名,所以备案之后,就在阿里云申请的免费ssl证书,之前的步骤您可以在网上找到很多,因为我这边只需要nginx的ssl证书所以我下载ssl证书之后,只用了nginx的zip包,通过sftp或者rz到腾讯云服务器的/data/release/nginx/aliyun目录下,如没有请自建,解压之后如下图:
2.因为阿里云产生的ssl证书是pem文件,而腾讯云服务器所需要的crt文件,所以通过腾讯云自己的第三方SSL证书托管将阿里云pem格式转换成crt,具体参见如下详情:
https://www.4xseo.com/blog/3804/
转换完成之后,将crt和key两个文件放在了/data/release/nginx目录下面,以接下来备用。
3.配置nginx/nginx.conf
我的nginx安装在/usr/local/nginx,具体配置在conf/nginx.conf里面,只需将下面的配置复制到你conf文件里面即可
user www;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
client_max_body_size 50m;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name www.idatafun.com;
rewrite ^(.*)$ https://$server_name$1 permanent;
}
server {
listen 443;
server_name www.idatafun.com;
ssl on;
ssl_certificate /data/release/nginx/1_idatafun.com_bundle.crt; #crt文件路径
ssl_certificate_key /data/release/nginx/2_idatafun.com.key; #key文件路径
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
ssl_session_cache shared:SSL:50m;
ssl_prefer_server_ciphers on;
root /data/pigchild;
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location / {
index index.php;
try_files $uri $uri/ /index.php?$args;
}
}
}
重新启动/usr/local/nginx/sbin/nginx,访问www.idatafun.com,如下图,绿色安全字样:
4.注意事项
a.conf文件一定要检查,多或少字符;修改之前一定要备份,切记;
b.nginx之前安装的时候,有可能没有安装ssl模块,所以在添加ssl模块,具体操作见 https://www.cnblogs.com/zhming26/p/6278667.html
5.如有疑问,可以给我留言,我看到后尽快回复,共同学习,一起进步。