美文网首页
Nginx之SSL

Nginx之SSL

作者: 隔岸坐看云卷云舒 | 来源:发表于2019-03-21 16:00 被阅读0次

    测试环境:

    Centos7 x64

    Nginx 1.14

    已经签发的SSL证书

    首先下载SSL证书文件

    该证书应该有两个文件,一个是Crt后缀名的证书,一个是Key后缀名的私钥

    如图:

    image

    现在我们打开Nginx的配置文件修改如下:

    server
    
        {
    
            listen 80;
    
            #listen [::]:80;server_name im.caomei520.com ;
    
            rewrite ^(.*)$ https://${server_name}$1 permanent;    }
    
    server
    
        {
    
            listen 443 ssl http2;
    
            #listen [::]:443 ssl http2;server_name im.caomei520.com ;
    
            index index.html index.htm index.phpdefault.htmldefault.htmdefault.php;
    
            root  /home/wwwroot/im.caomei520.com/public;
    
            ssl on;
    
            ssl_certificate /home/wwwroot/im.caomei520.com/ssl/im.caomei520.com.crt;
    
            ssl_certificate_key /home/wwwroot/im.caomei520.com/ssl/im.caomei520.com.key;
    
            ssl_session_timeout 5m;
    
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    
            ssl_prefer_server_ciphers on;
    
            ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
    
            ssl_session_cache builtin:1000 shared:SSL:10m;
    
            # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
    

    接下来校验:

    nginx -t
    

    nginx 校验成功应该如下图


    WechatIMG367.jpeg

    只要没有报错信息即可重启Nginx

    nginx reload
    

    相关文章

      网友评论

          本文标题:Nginx之SSL

          本文链接:https://www.haomeiwen.com/subject/nxhcvqtx.html