Preparation
Configuration tutorial
1. Back up the configuration file

    sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.default

2. Edit the configuration file

    sudo vim /etc/nginx/nginx.conf

Find the server{} block inside the http{} block and comment out the existing server{}.

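3. Add new server blocks following the original configuration
(1) Default error page

    # Catch-all for HTTPS requests whose host matches no other server block
    server {
        listen 443 ssl default_server;
        server_name _;

        ssl_certificate /etc/nginx/xxx.crt;
        ssl_certificate_key /etc/nginx/xxx.key;

        return 404;
    }
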
(2) Main domain

    server {
        listen 443 ssl;
        server_name fireflye.top;
        ssl_certificate /etc/nginx/xxx.crt;
        ssl_certificate_key /etc/nginx/xxx.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;

        # Static site served from the local web root
        location / {
            root /home/www/website;
            index index.html index.htm;
        }
    }

Change root to the website directory on your own machine.
(3) Main domain redirect (HTTP to HTTPS)

    server {
        listen 80;
        server_name fireflye.top;
        return 301 https://$host$request_uri;
    }

(4) Subdomain port forwarding example

    server {
        listen 443 ssl;
        server_name xxx.fireflye.top;
        ssl_certificate /etc/nginx/xxx.crt;
        ssl_certificate_key /etc/nginx/xxx.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;

        location / {
            # Pass the original client address, scheme and host to the backend
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Range $http_range;
            proxy_set_header If-Range $http_if_range;
            proxy_redirect off;
            # Local service that this subdomain forwards to
            proxy_pass https://127.0.0.1:xxx;
            client_max_body_size 20000m;
        }
    }

    # Redirect plain HTTP for the subdomain to HTTPS
    server {
        listen 80;
        server_name xxx.fireflye.top;
        return 301 https://$host$request_uri;
    }

All other subdomains can follow this template.
Note that http{} must be closed; its final closing brace is easy to delete by mistake.
(5) Check the configuration and restart nginx

This confirms there are no errors; restart nginx.
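
A static pre-check for the layout built in step 3, as an added example that is not part of the original tutorial: it reports unbalanced braces, a missing 443 default_server catch-all, ssl listeners without ssl_certificate, and HTTPS server names that have no plain-HTTP redirect. The parser is a simplification that assumes no braces, semicolons or # characters inside quoted values; the function names and the app.example.test hostname are made up for illustration.

```python
import re

def parse_servers(conf):
    """Return (braces_balanced, servers); a server is a list of directive token lists."""
    tokens = re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", conf))
    depth, servers, cur, cur_depth, stmt = 0, [], None, 0, []
    for tok in tokens:
        if tok == "{":
            depth += 1
            if stmt == ["server"]:          # entering a server block
                cur, cur_depth = [], depth
        elif tok == "}":
            if depth == 0:
                return False, servers       # stray closing brace
            if cur is not None and depth == cur_depth:
                servers.append(cur)         # server block closed
                cur = None
            depth -= 1
        elif tok != ";":
            stmt.append(tok)                # still inside a directive
            continue
        elif cur is not None and stmt:
            cur.append(stmt)                # directive ended with ';'
        stmt = []
    return depth == 0, servers

def audit(conf):
    """Return findings for the server-block layout built in step 3."""
    balanced, servers = parse_servers(conf)
    findings = [] if balanced else ["unbalanced braces"]
    tls_names, redirected, has_default = set(), set(), False
    for directives in servers:
        listens = [d[1:] for d in directives if d[0] == "listen"]
        names = {n for d in directives if d[0] == "server_name" for n in d[1:]}
        if any("ssl" in l for l in listens):
            default = any("default_server" in l for l in listens)
            has_default |= default          # catch-all for unknown hosts
            tls_names |= set() if default else names
            if not any(d[0] == "ssl_certificate" for d in directives):
                findings.append(f"{sorted(names)}: ssl listener without ssl_certificate")
        elif any(d[0] == "return" and d[-1].startswith("https://") for d in directives):
            redirected |= names             # plain-HTTP server that redirects
    if not has_default:
        findings.append("no default_server on an ssl listener")
    findings += [f"{n}: no HTTP-to-HTTPS redirect" for n in sorted(tls_names - redirected)]
    return findings

# Constructed sample: no catch-all, no port-80 redirect, and http{} left unclosed.
SAMPLE = "http { server { listen 443 ssl; server_name app.example.test; ssl_certificate /etc/nginx/xxx.crt; } "
print(audit(SAMPLE))
```

An empty list means the file matches the layout above; nginx's own syntax test (`nginx -t`) is still needed, since this check does not validate directive arguments or certificate files.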
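4. SSL certificates
You can apply for a free certificate from Tencent Cloud and download its crt and key files (choose the nginx option); they can also be used on servers on other platforms.
Each certificate is valid for three months.
Subdomains other than www each require a separate application.
At most 50 certificates can be valid in total (slots are released when certificates expire).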