- 申请免费的ssl证书
- 为ssl证书补全域名和个人信息。
- 下载证书
- 上传证书
cd /usr/local/nginx/conf
mkdir cert
证书传上去
5. 更改nginx配置文件
6. server {
7. listen 443 ssl;
8. server_name xxx.com; // 你的域名
9. root /var/www/xxx.com; // 前台文件存放文件夹,可改成别的
10. index index.html index.htm;// 上面配置的文件夹里面的index.html
11. ssl_certificate cert/214292799730473.pem;// 改成你的证书的名字
12. ssl_certificate_key cert/214292799730473.key;// 你的证书的名字
13. ssl_session_timeout 5m;
14. ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
15. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
16. ssl_prefer_server_ciphers on;
17. location / {
18. index index.html index.htm;
19. }
20. }
- server {
-
listen 80;
-
server_name xxx.com;// 你的域名
-
rewrite ^(.*)$ https://xxx.com$request_uri;// 把http的域名请求转成https
- }
6.测试nginx
Cd /usr/local/nginx/sbin
./nginx –t
7.如果unknown directive “ssl” in /usr/local/nginx/conf/nginx.conf:401
进入nginx安装目录
Cd /usr/local/nginx/nginx-1.16.1
./configure --with-http_ssl_module
nginx path prefix: “/usr/local/nginx”
nginx binary file: “/usr/local/nginx/sbin/nginx”
nginx modules path: “/usr/local/nginx/modules”
nginx configuration prefix: “/usr/local/nginx/conf”
nginx configuration file: “/usr/local/nginx/conf/nginx.conf”
nginx pid file: “/usr/local/nginx/logs/nginx.pid”
nginx error log file: “/usr/local/nginx/logs/error.log”
nginx http access log file: “/usr/local/nginx/logs/access.log”
nginx http client request body temporary files: “client_body_temp”
nginx http proxy temporary files: “proxy_temp”
nginx http fastcgi temporary files: “fastcgi_temp”
nginx http uwsgi temporary files: “uwsgi_temp”
nginx http scgi temporary files: “scgi_temp”
然后执行make(千万不要执行make install 会覆盖之前的配置)
将原来的备份
cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
用心的代替原来的
cp /usr/local/nginx/nginx-1.16.1/objs/nginx /usr/local/nginx/sbin/nginx
./nginx –t测试
然后重启nginx
有了这个锁 我们的网站可以https了