一、前提條件:
1、購買域名,並且已備案
2、域名已解析,注意www 的解析對象ip爲你的服務器ip
3、購買ssl證書,並且已驗證
二、配置
1、下載ssl證書,裏面有XXX.pem,XXX.key兩個文件
2、找到nginx的nginx.conf文件,我的是自動安裝的一般在、/etc/nginx/nginx.conf裏面。
3、打開nginx.conf文件,找到以下代碼
server {
listen 443 ssl;
server_name localhost;
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
用下列代碼進行替換
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
charset utf-8;
server_name XXX.XXXX.XX; //通常格式爲www.abc.com
ssl_certificate /etc/nginx/ssl/xxxxxx.pem;
ssl_certificate_key /etc/nginx/ssl/xxxxxx.key;
ssl_session_timeout 5m; //響應時間
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; //解密方法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
root /usr/Selonn; //項目根目錄
index index.html index.htm;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}