1、SSL免费证书申请:
https://freessl.org/
https://www.zzidc.com/ssl/wosignSslIndex
2、证书更名,并上传到服务器
/usr/local/nginx/cert/zhzq.pem
/usr/local/nginx/cert/zhzq.key
进入配置文件所在目录
cd /usr/local/nginx/conf
编辑配置文件
vim nginx.conf
配置如下
server {
listen 80;
listen 443 ssl;
server_name blog.zhzq.com;
ssl off;
ssl_certificate ../cert/zhzq.pem;
ssl_certificate_key ../cert/zhzq.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
# 下面root路径格子这边隐去了,各位需自行设置
root ...;
location /{
index index.html index.htm;
}
access_log /usr/local/nginx-1.9.9/logs/blog-https.access.log;
}
3、重新载入nginx
./sbin/nginx -s reload
# 如果上面的命令不起作用,也可以重启
./sbin/nginx -s stop
./sbin/nginx
4、服务器进行安全组配置
5、开放对应端口并重载防火墙
firewall-cmd --zone=public --add-port=443/tcp --permanent
systemctrl reload firewalld
网友评论