nginx配置ssl证书
准备资料:
-
域名一个: www.baidu.cn (自己申请的域名);
-
名称对应的ssl证书文件: 1_www.baidu.cn_bundle.crt 、2_www.baidu.cn.key
-
nginx服务器一个;
server {
listen 80;
server_name www.baidu.cn;
#charset koi8-r;
access_log /var/log/nginx/git.access.log main;
#请求http强制跳转到https去
rewrite ^(.*) https://$host$1 permanent;
}
#https地址,记得开启服务器的443端口,否则访问不了https地址
server {
listen 443 ssl http2;
server_name www.baidu.cn;
# 证书存放路径
ssl_certificate /etc/nginx/ssl/1_zhwlt.cn_bundle.pem;
ssl_certificate_key /etc/nginx/ssl/2_zhwlt.cn.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
add_header Strict-Transport-Security "max-age=63072000" always;
# 根目录
location / {
root /var/www/html/;
index index.html index.htm test.html;
}
}
原创内容,如果你觉得文章还可以的话,不妨点个赞支持一下!转载请注明出处。
