在linux里面配置ssl证书,让域名可以通过https安全协议进行访问,以前一般用apache,现在用nginx配置,原理是一样的。
1.申请证书:可以购买,也可以申请免费的ssl证书
2.上传证书到服务器某个目录(后缀根据需要修改,一般不用修改)
3.配置nginx配置,启用443监听和开启ssl验证
4.重启nginx服务,测试效果(测试:https://www.alipay168.cn)
nginx下某个域名ssl配置如下案例(我配置同时监听了443和80):
[root@instance-6ocolrk6 vhost]# cat alipay168.cn.conf
#upstream alipay{
# server 127.0.0.1:80 ;
# server 127.0.0.1:8080 weight=1 ;
# server 127.0.0.1:8081 weight=2 ;
# server 127.0.0.1:8082 weight=2 down ;
# server 127.0.0.1:80 weight=2 backup ;
#}
server {
listen 443;
server_name www.alipay168.cn;
index index.php index.html;
root /马赛克/alipay168;
ssl on;
ssl_certificate /马赛克/www.alipay168.cn.pem;#改成自己的路径
ssl_certificate_key /马赛克/www.alipay168.cn.key;#改成自己的路径
ssl_session_timeout 1m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
# proxy_pass http://alipay;
}
location ~ \.php$ {
index index.php index.html;
fastcgi_pass 127.0.0.1:9000;#php-fpm的默认端口是9000
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 80;
server_name www.alipay168.cn alipay168.cn;
index index.php index.html;
root /马赛克/alipay168;
location / {
# proxy_pass http://alipay;
}
location ~ \.php$ {
index index.php index.html;
fastcgi_pass 127.0.0.1:9000;#php-fpm的默认端口是9000
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}