使用Nginx配置HTTPS域名證書
1. 安裝SSL模塊
要在nginx中配置https,就必須安裝ssl模塊,也就是: http_ssl_module。
-
進入到nginx的解壓目錄: /home/software/nginx-1.16.1
-
新增ssl模塊(原來的那些模塊需要保留)
./configure \ --prefix=/usr/local/nginx \ --pid-path=/var/run/nginx/nginx.pid \ --lock-path=/var/lock/nginx.lock \ --error-log-path=/var/log/nginx/error.log \ --http-log-path=/var/log/nginx/access.log \ --with-http_gzip_static_module \ --http-client-body-temp-path=/var/temp/nginx/client \ --http-proxy-temp-path=/var/temp/nginx/proxy \ --http-fastcgi-temp-path=/var/temp/nginx/fastcgi \ --http-uwsgi-temp-path=/var/temp/nginx/uwsgi \ --http-scgi-temp-path=/var/temp/nginx/scgi \ --with-http_ssl_module -
編譯和安裝
make make install
2. 配置HTTPS
-
把ssl證書
*.crt和 私鑰*.key拷貝到/usr/local/nginx/conf目錄中。 -
新增 server 監聽 443 端口:
server { listen 443; server_name www.imoocdsp.com; # 開啟ssl ssl on; # 配置ssl證書 ssl_certificate 1_www.imoocdsp.com_bundle.crt; # 配置證書秘鑰 ssl_certificate_key 2_www.imoocdsp.com.key; # ssl會話cache ssl_session_cache shared:SSL:1m; # ssl會話超時時間 ssl_session_timeout 5m; # 配置加密套件,寫法遵循 openssl 標准 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; location / { proxy_pass http://tomcats/; index index.html index.htm; } }
3. reload nginx
./nginx -s reload
騰訊雲配置https文檔地址:https://cloud.tencent.com/document/product/400/35244