1,上传证书文件至服务器,如 /usr/local/nginx/ssl 目录下
2,修改nginx的配置文件,若是虚拟站点,刚需要修改对应的配置文件,修改内容如下:
#基本的SSL配置
server {
listen 443 ssl;
server_name www.test.com;
root /home/wwwroot/test.com;
index index.php;
ssl_certificate /usr/local/nginx/ssl/www.test.com.crt; #或者是pem后缀的
ssl_certificate_key /usr/local/nginx/ssl/www.test.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
}
#解决http二级域名跳转https,解决http根域名跳转https
server {
listen 80;
server_name test.com;
if ($host != 'www.test.com') {
rewrite ^/(.*)$ https://www.test.com/$1 permanent;
}
}
server {
listen 80;
server_name www.test.com;
rewrite ^/(.*)$ https://www.test.com/$1 permanent;
}
3,重启Ngnix,即可
4,如果网站中有请求非Https域的文件,刚浏览器地址栏会显示该网站不安全,修改或删除对应的非https请求,即可