1. Go to https://freessl.cn/
2. Enter your domain name and e-mail address.
3. Select "File validation" and "Browser-generated", as shown:
![](https://img.haomeiwen.com/i10529586/611a6ec4e52b0091.png)
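(Following the page's instructions, upload the two validation files via FTP to the specified location on your web server; it is enough that both files can be reached over HTTP.)
4. Download the files: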
![](https://img.haomeiwen.com/i10529586/ed1e9a43d28b33d5.png)
5. After downloading, you have two files, full_chain.pem and private.key. Upload them to this directory on the web server:
```
/usr/local/nginx/cert/
```
6. Back on CentOS, edit the nginx configuration file:
```shell
nano /usr/local/nginx/conf/nginx.conf
```
Find the commented-out HTTPS server block:
```nginx
# HTTPS server
#
#server {
#    listen 443 ssl;
#    server_name localhost;
#    ssl_certificate cert.pem;
#    ssl_certificate_key cert.key;
#    ssl_session_cache shared:SSL:1m;
#    ssl_session_timeout 5m;
#    ssl_ciphers HIGH:!aNULL:!MD5;
#    ssl_prefer_server_ciphers on;
#    location / {
#        root html;
#        index index.html index.htm;
#    }
#}
```
Change it to:
```nginx
# HTTPS server
#
server {
    listen 443 ssl;
    server_name localhost;
    ssl_certificate /usr/local/nginx/cert/full_chain.pem;
    ssl_certificate_key /usr/local/nginx/cert/private.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        root html;
        index index.html index.htm;
    }
}
```
- Allow the https service through the firewall:
```shell
firewall-cmd --add-service=https --permanent
```
- Open port 443:
```shell
firewall-cmd --zone=public --add-port=443/tcp --permanent
```
- Reload and view the rules:
```shell
firewall-cmd --reload
firewall-cmd --list-all
```
The output should look like this:
```
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client http https ssh
  ports: 80/tcp 443/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
```
- Restart the nginx server:
```shell
systemctl restart nginx
```
- Verify that the SSL certificate is working correctly:
![](https://img.haomeiwen.com/i10529586/c7341863dd71db6e.png)
- If you see what the image above shows, you are done.
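
A pre-flight check for the files uploaded in step 5, to run before the nginx restart. This is an added example, not part of the original page: it confirms that private.key belongs to the first certificate in full_chain.pem, that the certificate has not expired, and that the key is not readable by group or others. The function name `check_cert_key_pair`, its return codes and the `run` argument are assumptions of this example; it also assumes `openssl`, GNU `stat` and `nginx` are on the PATH.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): validate the certificate
# files from step 5 before restarting nginx.

# check_cert_key_pair CERT KEY   (hypothetical helper)
# Returns 0 = usable, 1 = key/cert mismatch, 2 = unreadable file,
#         3 = certificate expired, 4 = key readable by group/others.
check_cert_key_pair() {
    local cert="$1" key="$2" cert_pub key_pub mode

    # The first certificate in full_chain.pem is the server certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot parse certificate: $cert" >&2; return 2; }
    # Derive the public key from the private key for comparison.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot parse private key: $key" >&2; return 2; }

    # nginx fails to start when the key does not match the certificate.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not belong to this certificate" >&2
        return 1
    fi

    # -checkend 0 exits non-zero if the certificate is already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "certificate has expired" >&2
        return 3
    fi

    # The key should be accessible to its owner only (e.g. mode 600 or 400).
    mode=$(stat -c '%a' "$key")
    case "$mode" in
        *00) ;;
        *) echo "private key mode $mode is too permissive" >&2; return 4 ;;
    esac
    return 0
}

# "run" checks the paths used on this page, then tests the nginx config.
if [ "${1:-}" = "run" ]; then
    check_cert_key_pair /usr/local/nginx/cert/full_chain.pem \
                        /usr/local/nginx/cert/private.key && nginx -t
fi
```

If the function returns 4, `chmod 600 /usr/local/nginx/cert/private.key` restricts the key to its owner.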