配置https证书

1. 找到目录/alidata/server/nginx/conf 下的nginx.conf文件，文件内容如下

user  www www;
worker_processes  2;

error_log  /alidata/log/nginx/error.log crit;
pid        /alidata/server/nginx/logs/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process. 
worker_rlimit_nofile 65535;

events 
{
  use epoll;
  worker_connections 65535;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #charset  gb2312;

    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 8m;

    sendfile on;
    tcp_nopush     on;

    keepalive_timeout 60;

    tcp_nodelay on;

    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;

    gzip on;
    gzip_min_length  1k;
    gzip_buffers     4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types       text/plain application/x-javascript text/css application/xml;
    gzip_vary on;
    #limit_zone  crawler  $binary_remote_addr  10m;
    log_format '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';
    include /alidata/server/nginx/conf/vhosts/*.conf;
}

其实只要改最底下那句就行

include /alidata/server/nginx/conf/vhosts/*.conf;

把vhost的配置指向nginx/conf/vhosts里面的所有conf结尾文件，其实就是配置域名证书的配置文件，我这里的配置了几个域名文件目录接口如下

TIM图片20180528170718.png

2. 然后就是把下载的证书文件放置到nginx/conf/cert目录下面，如下图所示
   TIM图片20180528171101.png

3. 然后看看第一张图片的conf配置文件内容

server {
        listen       80;
        server_name  www.bigmantech.cn;
    index index.html index.htm index.php;
    root /alidata/www/default/;
     location ~ ^(.+\.php)(.*)$ 
    {
    fastcgi_pass 127.0.0.1:9000;
#fastcgi_pass unix:/dev/shm/php-cgi.sock;
fastcgi_index index.php;
include fastcgi.conf;
set $real_script_name $fastcgi_script_name;
if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") {
set $real_script_name $1;
set $path_info $2;
}
fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;
fastcgi_param SCRIPT_NAME $real_script_name;
fastcgi_param PATH_INFO $path_info;
    }
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires 30d;
    }
    location ~ .*\.(js|css)?$
    {
        expires 1h;
    }
    #伪静态规则
    include /alidata/server/nginx/conf/rewrite/default.conf;
        location / {
            index  index.html index.htm index.php;
            #autoindex  on;
            if (!-e $request_filename) {
                rewrite ^(.*)$ /index.php?s=$1 last;
                break;
            }
        } 
    access_log  /alidata/log/nginx/access/default.log;
}

server {
        listen       443 ssl;
        server_name  www.bigmantech.cn;
        ssl_certificate      cert/www.bigmantech.cn.pem;
        ssl_certificate_key  cert/www.bigmantech.cn.key;
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;
        location / {
            proxy_pass http://www.bigmantech.cn;
        }
    }

4 .最后重启nginx就行，执行以下命令

nginx -s reload

然后用https去访问域名能正常访问就行