- 首先进入nginx目录下,并创建cert文件夹用于存放证书
cd /etc/nginx
mkdir cert
- 修改nginx-server配置,为当前站点启用SSL
cd /etc/nginx/sites-enabled
vim default
在server节点中添加ssl配置参数
server {
listen 443;
server_name localhost;
ssl on;
root html;
index index.html index.htm;
ssl_certificate cert/a.pem;
ssl_certificate_key cert/a.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
- 80端口重定向到443
在/etc/nginx/sites-enabled中添加用于80端口重定向的配置参数
server {
listen 80;
server_name notes.cnpowercloud.cn;
location / {
rewrite ^(.*)$ https://$host$1 last;
}
}
网友评论