标签:name ssh ssi ca证书 cert like tlsv1 远程服务器 cat
1.登录阿里云,进管理控制台 - 域名与网站 - 域名
2.选择对应的域名 - ssl证书 - 单域名免费证书
3.填写www或者对应的子域名,确定 - 等待审核通过
4.进入进管理控制台 - 安全(云盾) - CA证书服务 - 下载对应证书
5.ssh连接远程服务器,进入nginx安装目录(/etc/nginx/),新建cert目录
6.将下载下来的证书文件放到cert目录,一般包括(1526192532557.pem 1526192532557.key)
7.修改nginx配置文件
一、仍需访问http网址的情况:
server { ... listen 443 ssl; ... ssl_certificate /etc/nginx/cert/1526192532557.pem; ssl_certificate_key /etc/nginx/cert/1526192532557.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ... }
二、不需访问http网址,直接都转到https网址下
server { listen 80 default_server; listen [::]:80 default_server; server_name _; return 301 https://www.likefun.cn/; root /usr/share/nginx/html; include /etc/nginx/default.d/*.conf; location ~ ^/ { proxy_pass http://127.0.0.1:3002; } location ~ ^/qushan/.+ { proxy_pass http://127.0.0.1:3002; } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } } server { listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; server_name _; root /usr/share/nginx/html; ssl_certificate /etc/nginx/cert/1526192532557.pem; ssl_certificate_key /etc/nginx/cert/1526192532557.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; location ~ ^/ { proxy_pass http://127.0.0.1:3002; } location ~ ^/qushan/.+ { proxy_pass http://127.0.0.1:3002; } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } }
标签:name ssh ssi ca证书 cert like tlsv1 远程服务器 cat
原文地址:https://www.cnblogs.com/sunbey/p/9020027.html
