当我们项目使用到https访问的时候 ,需要服务器端配制站点SSL证书,就可以使用浏览器通过https访问站点或api接口了。
SSL证书需要从服务商申请并下载到你自己的电脑上,由你的电脑上传到服务器上。一般阿里云、或腾讯云都有这类免费SSL证书可以申请 的,当然了,除了这两个平台可以申请外,还有很多平台可以申请 ,这里只提两个平台的。其他平台自己研究了。
我们环境使用的是nginx,我们直接配制nginx配制文件,一般是站点的nginx配制文件。我这里每个站点都有独立的配制文件 ,打开配制文件,在你的站点http正常访问的环境下添加如下SSL配制就可以了,修改完成记得重启nginx生效。
SSL证书放到服务器上的/usr/local目录下,在这个目录中新建一个cert文件夹,把证书放在此目录中
listen 443 ssl;
listen [::]:443;
ssl_certificate /usr/local/cert/6751199_mgj.nyw.com.pem;
ssl_certificate_key /usr/local/cert/6751199_mgj.nyw.com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
完整的配制文件如下
server {
listen 80;
listen [::]:80;
# SSL configuration
#
listen 443 ssl;
listen [::]:443;
ssl_certificate /usr/local/cert/6751199_mgj.nyw.com.pem;
ssl_certificate_key /usr/local/cert/6751199_mgj.nyw.com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
root /var/www/mgj.nyw.com;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html index.php;
server_name mgj.nyw.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
if (!-e $request_filename){
rewrite ^(.*)$ /index.php?s=$1 last; break;
}
}
# pass PHP scripts to FastCGI server
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# With php-fpm (or other unix sockets):
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
# With php-cgi (or other tcp sockets):
#fastcgi_pass 127.0.0.1:9000;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}