安装步骤:
1.安装certbot
# Refresh the package index before installing anything.
sudo apt-get update
# software-properties-common provides the add-apt-repository command used below.
sudo apt-get install software-properties-common
# Adding a PPA means trusting its maintainers and signing key for packages that
# are installed as root.
# NOTE(review): upstream Certbot guidance has moved away from this PPA; confirm
# the currently recommended install method for your release before using it.
sudo add-apt-repository ppa:certbot/certbot
# Pick up the package lists of the newly added repository.
sudo apt-get update
# Install the certbot nginx plugin package (used by `certbot --nginx`).
sudo apt-get install python-certbot-nginx
2.配置certbot
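# Obtain a certificate and let the nginx plugin edit the matching server block.
sudo certbot --nginx
# Let's Encrypt certificates expire after 90 days, so renewal has to be
# automated. Check that the renewal path works first: --dry-run performs a test
# renewal and does not replace the live certificate.
sudo certbot renew --dry-run
# Real renewal run. certbot writes under /etc/letsencrypt, so it needs root.
# --deploy-hook is the current name of the older --renew-hook option: the hook
# runs only after a certificate was actually renewed, so nginx is reloaded only
# when there is a new certificate to load.
sudo certbot renew --deploy-hook "service nginx reload"
# Schedule the renewal. /etc/crontab is owned by root, so edit it with sudo.
# NOTE(review): packaged certbot installs often ship their own renewal job
# (a systemd timer or /etc/cron.d/certbot); check for one before adding a
# second job here.
sudo vim /etc/crontab
# Add the following lines:
# at 4:47am/pm, renew all Let's Encrypt certificates over 60 days old
47 4,16 * * * root certbot renew --quiet --deploy-hook "service nginx reload"
# On Debian/Ubuntu the daemon is called "cron" ("crond" is the RHEL/CentOS
# name) and it re-reads /etc/crontab on its own when the file changes, so no
# reload is needed; just confirm that the daemon is running.
sudo service cron status
# Show the scheduled job. `crontab -l` lists only the calling user's personal
# crontab and never shows /etc/crontab, so read the system file directly.
grep -n certbot /etc/crontab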
3.配置nginx
将 api.aaa.com、www.aaa.com 两个域名修改成需要的域名;证书路径 /etc/letsencrypt/live/www.aaa.com/ 和 alias 目录 /var/www/www.aaa.com/ 中的域名也要相应修改。
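server {
    # Catch-all plain-HTTP server: handles port-80 requests whose Host header
    # matches no other server block.
    listen 80 default_server;
    listen [::]:80 default_server;

    # Do not list the real host names here. nginx keeps only the first server
    # block that claims a name on a given port (later ones are ignored with a
    # "conflicting server name" warning), so naming api.aaa.com / www.aaa.com
    # in this block would shadow the HTTP-to-HTTPS redirect block for those
    # names and leave the sites served over plain HTTP.
    server_name _;

    root /var/www/html;
    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    location / {
        try_files $uri $uri/ =404;
    }

    # The trailing slashes keep the prefix match on a path boundary; without
    # them a request such as /.well-known.bak/x would also be mapped into
    # /var/www/www.aaa.com/.
    location /.well-known/ {
        alias /var/www/www.aaa.com/.well-known/;
    }
}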
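server {
    # HTTPS virtual host for both names. The lines marked "managed by Certbot"
    # are written by certbot and are kept verbatim.
    server_name api.aaa.com www.aaa.com; # managed by Certbot

    root /var/www/html;
    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    location / {
        try_files $uri $uri/ =404;
    }

    # The trailing slashes keep the prefix match on a path boundary; without
    # them a request such as /.well-known.bak/x would also be mapped into
    # /var/www/www.aaa.com/.
    location /.well-known/ {
        alias /var/www/www.aaa.com/.well-known/;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot

    # Both names are served with the certificate stored under the www.aaa.com
    # directory. NOTE(review): confirm that this certificate lists both
    # api.aaa.com and www.aaa.com, otherwise one of them fails validation.
    ssl_certificate /etc/letsencrypt/live/www.aaa.com/fullchain.pem; # managed by Certbot
    # privkey.pem is the private key; it must stay readable by root only.
    ssl_certificate_key /etc/letsencrypt/live/www.aaa.com/privkey.pem; # managed by Certbot
    # TLS protocol and cipher settings come from the file certbot maintains.
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # NOTE(review): no Strict-Transport-Security header is set in this block;
    # consider adding one once HTTPS is confirmed working for every name.
}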
# Force HTTP requests to be redirected to HTTPS.
# NOTE(review): this block only takes effect if no earlier server block on
# port 80 declares the same server_name. nginx keeps the first declaration and
# ignores later ones with a "conflicting server name" warning, in which case
# the redirect below never runs.
server {
# Permanent redirect to the same host and URI over HTTPS, one test per name.
if ($host = api.aaa.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = www.aaa.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name api.aaa.com www.aaa.com;
# Any request that reaches this block with a Host matching neither test above
# gets a 404 instead of content.
return 404; # managed by Certbot
}
注意事项:
- 启用https功能,需要nginx模块的支持,在编译nginx时需要加上如下选项:
# Only relevant when nginx is compiled from source: this flag builds in the
# module that provides HTTPS support.
# NOTE(review): distribution nginx packages normally include it already;
# `nginx -V` prints the configure arguments of the installed binary.
./configure --with-http_ssl_module