1、域名服务商控制台对ssl进行域名解析
2、下载ssl证书,一共两个文件xxx.key、xxx.pem,上传到服务器
3、在nginx配置文件中进行配置
server {
#监听433端口,后面一定要加ssl
listen 443 ssl;
#此处写需要解析的域名
server_name xxx;
charset utf-8;
#此处为下载的pem文件路径
ssl_certificate /etc/nginx/cert/xxx.pem;
#此处为下载的key文件路径
ssl_certificate_key /etc/nginx/cert/xxx.key;
#这四条直接copy
ssl_session_timeout 10m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
location / {
root /data/index/;
index index.html index.htm;
}
}
#用于将http请求重定向到https
server {
listen 80;
server_name xxx;
rewrite ^(.*)$ https://$host$1;
}