Nginx配置ssl证书实现https访问

发表于 | 分类于 | | 浏览
字数统计: 698 | 阅读时长 ≈ 3

服务器环境使用的是lnmp集成包搭建的,根据业务要求,我们需要使用https访问链接

  1. 首先nginx必须安装了ssl模块,此处就不讲解如何安装ssl模块了

  2. 然后我们把证书文件放到服务器上的 /usr/local/nginx/cert 目录里

1
2
3
├─ /usr/local/nginx/cert
│  ├─ 4023842_www.xxxxxx.com.pem
│  ├─ 4023842_www.xxxxxx.com.key
  1. 然后修改 vhost nginx 配置文件 www.xxxxxx.com.conf

原始的配置为:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
server
    {
        listen 80;
        #listen [::]:80;
        server_name www.xxxxxx.com ;
        index index.html index.htm index.php default.html default.htm default.php;
        root  /data/www/www.xxxxxx.com/public;

        include rewrite/thinkphp.conf;
        #error_page   404   /404.html;

        # Deny access to PHP files in specific directory
        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

        include enable-php-pathinfo.conf;

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\.
        {
            deny all;
        }

        access_log  /home/wwwlogs/www.xxxxxx.com.log;
    }

在此文件新增 server 配置信息,其实就是把原来的 server 配置再复制一份进行修改

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
server
    {
        listen 443 ssl;#修改
        server_name www.xxxxxx.com ;
        index index.html index.htm index.php default.html default.htm default.php;
        root  /data/www/www.xxxxxx.com/public;
		ssl_certificate   ../cert/4023842_www.xxxxxx.com.pem;#新增
		ssl_certificate_key  ../cert/4023842_www.xxxxxx.com.key;#新增
		ssl_session_timeout 5m;#新增
		ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;#新增
		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;#新增
		ssl_prefer_server_ciphers on;#新增

        include rewrite/thinkphp.conf;
        #error_page   404   /404.html;

        # Deny access to PHP files in specific directory
        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

        include enable-php-pathinfo.conf;

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\.
        {
            deny all;
        }

        access_log  /home/wwwlogs/www.xxxxxx.com.log;
    }

那么最后的www.xxxxxx.com.conf 为:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
server
    {
        listen 80;
        #listen [::]:80;
        server_name www.xxxxxx.com ;
        index index.html index.htm index.php default.html default.htm default.php;
        root  /data/www/www.xxxxxx.com/public;

        include rewrite/thinkphp.conf;
        #error_page   404   /404.html;

        # Deny access to PHP files in specific directory
        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

        include enable-php-pathinfo.conf;

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\.
        {
            deny all;
        }

        access_log  /home/wwwlogs/www.xxxxxx.com.log;
    }

server
    {
        listen 443 ssl;#修改
        server_name www.xxxxxx.com ;
        index index.html index.htm index.php default.html default.htm default.php;
        root  /data/www/www.xxxxxx.com/public;
		ssl_certificate   ../cert/4023842_www.xxxxxx.com.pem;#新增
		ssl_certificate_key  ../cert/4023842_www.xxxxxx.com.key;#新增
		ssl_session_timeout 5m;#新增
		ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;#新增
		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;#新增
		ssl_prefer_server_ciphers on;#新增

        include rewrite/thinkphp.conf;
        #error_page   404   /404.html;

        # Deny access to PHP files in specific directory
        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

        include enable-php-pathinfo.conf;

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\.
        {
            deny all;
        }

        access_log  /home/wwwlogs/www.xxxxxx.com.log;
    }
  1. 最后重启nginx。

提示:有的 ssl server配置信息有ssl on;参数,重启nginx会提示错误,去掉此参数然后在 listen 443 追加 ssl

坚持原创技术分享,您的支持将鼓励我继续创作!
0%