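Adding an SSL certificate to nginx from the LNMP one-click install package on CentOS
1. Apply for a certificate on Alibaba Cloud.
Note that if you chose file-based validation when applying for the certificate on Alibaba Cloud, you need to back up the nginx conf file for the corresponding domain first, modify it, and then change it back once the certificate has been issued.
The modification is to delete the marked section: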
server
{
    listen 80;
    #listen [::]:80;
    server_name xcx.itbbn.top;
    index index.html index.htm index.php default.html default.htm default.php;
    root /home/wwwroot/xcx.host.com;
    # delete the section below
    #error_page 404 /404.html;
    include proxy-pass-php.conf;
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires 30d;
    }
    location ~ .*\.(js|css)?$
    {
        expires 12h;
    }
    location ~ /\.
    {
        deny all;
    }
    access_log /home/wwwlogs/xcx.itbbn.top.log;
    # delete the section above
}
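2. Download the certificate from Alibaba Cloud. After extracting it, put the key and pem files under the nginx installation directory. The exact directory is up to you, as long as the paths you write in the conf file later match it. Usually a cert directory is created in the root directory.
3. Add the following code to the site's conf file: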
server {
    # "listen 443 ssl" replaces the deprecated "ssl on;" directive
    listen 443 ssl;
    server_name yoururl.com;
    root html;
    index index.html index.htm index.php;
    # certificate (pem) and private key (key) downloaded in step 2
    ssl_certificate /usr/local/nginx/cert/yoururl.com/214075255540783.pem;
    ssl_certificate_key /usr/local/nginx/cert/yoururl.com/214075255540783.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients require them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    include proxy-pass-php.conf;
    # nginx status page
    location /nginx_status
    {
        stub_status on;
        access_log off;
    }
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires 30d;
    }
    location ~ .*\.(js|css)?$
    {
        expires 12h;
    }
    # block access to dotfiles
    location ~ /\.
    {
        deny all;
    }
    access_log /home/wwwlogs/access.log;
}
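A hardened variant of the step 3 configuration, as an added example that is not part of the original post: it redirects HTTP to HTTPS, drops the deprecated protocol versions, narrows the cipher list to forward-secret AEAD suites, and limits the status page to local access. The domain and certificate paths are the placeholders from step 3; the HSTS header, session cache size and the 127.0.0.1 allow rule are assumptions to adapt, and the static-file expires blocks are omitted for brevity.

```nginx
# Added example; yoururl.com and the cert paths are the placeholders from step 3.

# Send plain-HTTP requests to the HTTPS site once the certificate is installed.
server {
    listen 80;
    server_name yoururl.com;
    return 301 https://yoururl.com$request_uri;
}

server {
    listen 443 ssl;
    server_name yoururl.com;
    root html;
    index index.html index.htm index.php;

    ssl_certificate     /usr/local/nginx/cert/yoururl.com/214075255540783.pem;
    ssl_certificate_key /usr/local/nginx/cert/yoururl.com/214075255540783.key;

    # Weak setting in step 3: ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL 1.1.1; otherwise use TLSv1.2 only.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Weak setting in step 3: the ECDHE:ECDH:AES:HIGH groups also admit CBC and
    # non-forward-secret suites. List forward-secret AEAD suites explicitly instead.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:10m;

    # Assumption: the site is meant to be HTTPS-only from now on.
    add_header Strict-Transport-Security "max-age=31536000" always;

    include proxy-pass-php.conf;

    # stub_status exposes connection counters; allow only local monitoring.
    location /nginx_status {
        stub_status on;
        access_log off;
        allow 127.0.0.1;
        deny all;
    }

    location ~ /\. {
        deny all;
    }

    access_log /home/wwwlogs/access.log;
}
```

Run `nginx -t` before reloading, and keep the .key file readable only by root (for example mode 600), since the nginx master process reads it as root at startup.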