Menu Home

Nginx SSL服务器证书安装

By on

由 SSL 证书管理控制台 下载已经申请的 www.track2web.com 证书并且上传证书文件到服务器

royakon@bongon~: scp www.track2web.com.zip royakon@track2web.com:/home/royakon/
royakon@track2web.com's password:
www.track2web.com.zip                    100%   19KB  40.6KB/s   00:00

解压缩,并拷贝 Nginx 目录下的 证书文件、私钥文件到 Nginx 安装目录

royakon@iZj6cgtta7qckqs3t2vx67Z:~/tmp$ unzip www.track2web.com.zip
Archive:  www.track2web.com.zip
  inflating: www.track2web.com.csr
   creating: Nginx/
  inflating: Nginx/1_www.track2web.com_bundle.crt
  inflating: Nginx/2_www.track2web.com.key
   creating: Apache/
  inflating: Apache/1_root_bundle.crt
  inflating: Apache/2_www.track2web.com.crt
  inflating: Apache/3_www.track2web.com.key
   creating: IIS/
  inflating: IIS/www.track2web.com.pfx
  inflating: IIS/keystorePass.txt
   creating: Tomcat/
  inflating: Tomcat/www.track2web.com.jks
  inflating: Tomcat/keystorePass.txt
royakon@iZj6cgtta7qckqs3t2vx67Z:~/tmp$ ls
Apache  IIS  Nginx  Tomcat  www.track2web.com.csr  www.track2web.com.zip
royakon@iZj6cgtta7qckqs3t2vx67Z:~/tmp$ sudo mv ./Nginx/*.* /etc/nginx/conf.d/11
royakon@iZj6cgtta7qckqs3t2vx67Z:~/tmp$ ls /etc/nginx/conf.d
1_www.track2web.com_bundle.crt  2_www.track2web.com.key

编辑配置文件增加证书

# http访问 301 跳转到 https
server {
    listen 80;
    server_name www.track2web.com track2web.com;
    return 301 https://$host$request_uri;
}
# https 配置
server {
    # 端口配置
    listen 443 ssl;
    root /home/royakon/public_html;
    server_name www.track2web.com track2web.com;
    if ($host != 'www.track2web.com'){
        rewrite ^/(.*)$ https://www.track2web.com/$1 permanent;
    }
    # SSL 配置
    ssl_certificate conf.d/1_www.track2web.com_bundle.crt;
    ssl_certificate_key conf.d/2_www.track2web.com.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;


    location / {
        if (-f $request_filename/index.html) {
            rewrite (.*) $1/index.html break;
        }
        if (-f $request_filename/index.php) {
            rewrite (.*) $1/index.php;
        }
        if (!-f $request_filename) {
            rewrite (.*) /index.php;
        }
        try_files $uri $uri/ =404;
    }


    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
    }
}

验证配置文件,重启 Nginx 生效

royakon@iZj6cgtta7qckqs3t2vx67Z~: sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
royakon@iZj6cgtta7qckqs3t2vx67Z~: sudo service nginx restart

Categories: nginx ubuntu 工具技巧 网站优化

Tagged as:

RoyAkon