- 首先進入nginx目錄下,並創建cert文件夾用於存放證書
cd /etc/nginx
mkdir cert
- 修改nginx-server配置,爲當前站點啓用SSL
cd /etc/nginx/sites-enabled
vim default
在server節點中添加ssl配置參數
server {
listen 443;
server_name localhost;
ssl on;
root html;
index index.html index.htm;
ssl_certificate cert/a.pem;
ssl_certificate_key cert/a.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
- 80端口重定向到443
在**/etc/nginx/sites-enabled**中添加用於80端口重定向的配置參數
server {
listen 80;
server_name notes.cnpowercloud.cn;
location / {
rewrite ^(.*)$ https://$host$1 last;
}
}