一、購買下載證書
二、將下載的證書上傳到服務器
1、服務器根目錄新增文件夾cert
cd /etc/nginx/
mkdir cert
2、本地證書上傳到服務器
scp 證書地址/證書文件 root@服務器地址:/nginx根目錄/cert/
三、更改nginx配置文件
vim /etc/nginx/conf.d/default.conf
server { listen 80; listen [::]:80; root /var/www/html; # Add index.php to the list if you are using PHP index index.php index.html index.htm index.nginx-debian.html; server_name 域名地址; #將 http 重定向 https return 301 https://$server_name$request_uri; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ /index.php?$query_string; } # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # location ~ \.php$ { try_files $uri /index.php =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } #https server { listen 443; server_name 域名地址; ssl on; root /var/www/html; index index.php index.html index.htm; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ /index.php?$query_string; } location ~ \.php$ { try_files $uri /index.php =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } # ssl證書地址 ssl_certificate /etc/nginx/cert/證書名稱.pem; # pem文件的路徑 ssl_certificate_key /etc/nginx/cert/證書名稱.key; # key文件的路徑 # ssl驗證相關配置 ssl_session_timeout 5m; #緩存有效期 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全鏈接可選的加密協議 ssl_prefer_server_ciphers on; #使用服務器端的首選算法 }
重啟nginx
service nginx restart
四、設置安全組
1、阿里雲控制台->雲服務器ECS->網絡與安全->安全組
