阿里云Nginx配置ssl证书-http转https
2021-01-08 02:28
标签:apach prot color php 更改 serve 文件夹 load span 一、购买下载证书 二、将下载的证书上传到服务器 1、服务器根目录新增文件夹cert 2、本地证书上传到服务器 三、更改nginx配置文件 四、设置安全组 1、阿里云控制台->云服务器ECS->网络与安全->安全组 阿里云Nginx配置ssl证书-http转https 标签:apach prot color php 更改 serve 文件夹 load span 原文地址:https://www.cnblogs.com/www-php/p/13535148.htmlcd /etc/nginx/
mkdir cert
scp 证书地址/证书文件 root@服务器地址:/nginx根目录/cert/
vim /etc/nginx/conf.d/default.conf
server {
listen 80;
listen [::]:80;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name 域名地址;
#将 http 重定向 https
return 301 https://$server_name$request_uri;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php?$query_string;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache‘s document root
# concurs with nginx‘s one
#
#location ~ /\.ht {
# deny all;
#}
}
#https
server {
listen 443;
server_name 域名地址;
ssl on;
root /var/www/html;
index index.php index.html index.htm;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# ssl证书地址
ssl_certificate /etc/nginx/cert/证书名称.pem; # pem文件的路径
ssl_certificate_key /etc/nginx/cert/证书名称.key; # key文件的路径
# ssl验证相关配置
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
}
重启nginx
service nginx restart