SSL免费证书申请好了,那么我就来看看nginx监听443端口配置SSL证书吧
如果还没安装nginx请看我另外一篇博文安装nginx教程:https://blog.csdn.net/lc8023xq/article/details/107430072
nginx配置:
http {
include mime.types;
default_type application/octet-stream;
gzip on;
gzip_min_length 1024;
gzip_types text/css application/x-javascript application/vnd.api+json;
gzip_disable "MSIE [1-6]\.";
gzip_comp_level 2;
sendfile on;
keepalive_timeout 65;
server {
listen 443 ssl;
server_name javakfz.com;
root /home/www/discuz/public;
index index.php;
ssl_certificate /opt/install/Nginx_SSL/1_javakfz.com_bundle.pem;
ssl_certificate_key /opt/install/Nginx_SSL/0_javakfz.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /home/www/discuz/public$fastcgi_script_name;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name javakfz.com;
rewrite ^(.*)$ https://${server_name}$1 permanent;
}
}
如果在Nginx配置好SSL相关配置之后报错:
检查配置:/usr/local/nginx/sbin/nginx
报错:nginx: [emerg] unknown directive “ssl” in /usr/local/nginx/conf/nginx.conf:26
以上说明没有安装SSL模块,那么我们需要重新安装相关模块
1.在nginx的安装目录执行
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
2.在nginx的安装目录执行
make
最后
/usr/local/nginx/sbin/nginx -s reload # 重新载入配置文件
/usr/local/nginx/sbin/nginx -s reopen # 重启 Nginx