按以下步驟:
一、放開443端口
我的是雲服務器,默認沒開放443端口,需要先在控制台放開
二、使用let’s encrypt 生成證書
執行以下命令:
git clone https://github.com/letsencrypt/letsencrypt cd letsencrypt/ ./letsencrypt-auto certonly --standalone --email 123917244@qq.com -d coolfirer.com -d www.coolfirer.com
郵箱和域名換成自己的即可。
看到上圖就說明成功,nginx用到fullchain.pem和privkey.pem兩個。
三、配置nginx
修改/etc/nginx/sites-available/default文件, 增加443端口
server { listen 443 ssl; server_name www.coolfirer.com coolfirer.com; ssl on; ssl_certificate /etc/letsencrypt/live/coolfirer.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/coolfirer.com/privkey.pem; ssl_session_timeout 5m; ssl_protocols SSLv3 TLSv1; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP; ssl_prefer_server_ciphers on; location / { proxy_pass http://127.0.0.1:8090; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }
同時,配置80端口跳轉到443:
server { listen 80; server_name www.coolfirer.com coolfirer.com; return 301 https://$server_name$request_uri; }
四、重新加載nginx
nginx -s reload