申请证书
- 申请阿里云的证书申请地址
- 注意【保护类型】选择【一个域名】,【选择拼配】选择【Symantec】,才可以选择免费型DV SSL
- 可以查看签发证书的进程,需要在DNS解析添加一条CName的txt解析。
配置nginx
server {
listen 443;
server_name localhost;
root /;
ssl on;
index index.html index.htm;
ssl_certificate cert/path/server.pem;
ssl_certificate_key cert/path/server.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
}
https only
需要监听80端口,将http过来的请求转到https
server {
listen 80;
server_name www.fengbaiyang.cn;
rewrite ^(.*)$ https://${server_name}$1 permanent;
}
Comments
暂不支持评论,如有问题,请发邮件至baiyang.feng@outlook.com。 望不吝赐教~