1.存放不同域名證書目錄(加下載好的nginx證書放到對應的目錄 )
2. 關聯配置文件目錄
3.配置文件內容
子域名配置https (需要在阿里雲或其他雲服務器添加解析),二級域名解析到主ip
server {
listen 80;
server_name api.flxblog.club;
location / {
rewrite (.*) https://api.flxblog.club$1 permanent;
}
}
server {
# SSL configuration
#
listen 443;
ssl on; # 1.1版本后這樣寫
server_name api.flxblog.club; #填寫綁定證書的域名
ssl_certificate /etc/nginx/apiCart/1_api.flxblog.club_bundle.crt;
ssl_certificate_key /etc/nginx/apiCart/2_api.flxblog.club.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照這個協議配置
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://0.0.0.0:8000;
}
}
4.主域名配置https 證書
server {
# SSL configuration
#
listen 443;
ssl on; # 1.1版本后這樣寫
server_name www.flxblog.club; #填寫綁定證書的域名
ssl_certificate /etc/nginx/httpsCart/1_www.flxblog.club_bundle.crt; # 指定證書的位置,絕對路徑
ssl_certificate_key /etc/nginx/httpsCart/2_www.flxblog.club.key; # 絕對路徑,同上
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照這個協議配置
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照這個套件配置
ssl_prefer_server_ciphers on;
location / {
#網站主頁路徑。此路徑僅供參考,具體請您按照實際目錄操作。
root /var/www/html;
index index.html index.htm;
}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
server {
listen 80;
listen [::]:80;
server_name www.flxblog.club;
location / {
rewrite (.*) https://www.flxblog.club$1 permanent;
}
}
5.最后重新加載配置文件 nginx -s reload