1.獲取免費的CA證照。
2.然後填寫資訊申請
3.下載對應證照
4.上傳證照到你的伺服器
cd usr/local/nginx/conf/vhost
mkdir cert
將.key和.pem檔案上傳到cert資料夾
5.配置nginx(最好把之前80埠的配置備份一份)
server
{
listen 443 ssl;
server_name xxxxxxxx;//你備案好的域名
index index.html index.htm index.php default.html default.htm default.php;
root xxxxxxx;#專案目錄
ssl_certificate cert/cfun.pem;
ssl_certificate_key cert/cfun.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
include rewrite/y.conf;
include enable-php-pathinfo.conf;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location / {
index index.php index.html index.htm;
if (!-e $request_filename) {
rewrite ^/(.*)$ /index.php?s=$1 last;
break;
}
}
location ~ /\.
{
deny all;
}
access_log /home/wwwlogs/y.log;
}
server {
listen 80;
server_name xxxxxxxx;//你備案好的域名;
access_log /home/wwwlogs/y.log;
rewrite ^(.*)$ https://$host$1 permanent; #把http的域名請求轉成https
}
}
Nginx 支援 rewrite 功能。若您在編譯時沒有去掉 pcre,您可在 HTTP 的 server 中增加
rewrite ^(.*) https://$host$1 permanent;
即可將預設80埠的請求重定向為 HTTPS。
6.重啟nginx,訪問域名:www.xxx.com .自動跳轉https安全訪問;如圖
7.總結:第一次聽別人說配安全證照,心生羨慕,有一種來自菜鳥的仰慕。當你接觸了才發現,原來如此。。。哈哈。多動手,多思考。Believe in yourself, everything is the beginning of the best!