CentOS下在Nginx中添加SSL证书以支持HTTPS协议访问

1,上传证书文件至服务器,如 /usr/local/nginx/ssl 目录下
2,修改nginx的配置文件,若是虚拟站点,刚需要修改对应的配置文件,修改内容如下:

#基本的SSL配置
server {

 listen 443 ssl;
 server_name www.test.com;
 root /home/wwwroot/test.com;
 index index.php;

 ssl_certificate /usr/local/nginx/ssl/www.test.com.crt; #或者是pem后缀的
 ssl_certificate_key /usr/local/nginx/ssl/www.test.com.key;
 ssl_session_timeout 5m;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
 ssl_prefer_server_ciphers on;

}
#解决http二级域名跳转https,解决http根域名跳转https
server {

 listen 80;
 server_name test.com;
 if ($host != 'www.test.com') {
 rewrite ^/(.*)$ https://www.test.com/$1 permanent;
 }
}

server {

 listen 80;
 server_name www.test.com;
 rewrite ^/(.*)$ https://www.test.com/$1 permanent;
}

3,重启Ngnix,即可

4,如果网站中有请求非Https域的文件,刚浏览器地址栏会显示该网站不安全,修改或删除对应的非https请求,即可

Leave a Comment

Your email address will not be published.

*