阿里云搜索ssl证书, 购买, 申请后等10分钟审核
控制台->ssl证书控制台->下载nginx证书->上传服务器
修改nginx.conf配置文件
注意:
- nginx配置注意监听端口listen 443
- 服务器ECS 安全组策略是否开通443端口
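# HTTPS virtual host for a.fkiwi.com, using the certificate files downloaded
# from the Alibaba Cloud SSL console and uploaded to the server.
server {
    # Plain-HTTP listener. Drop this line if a separate port-80 server block
    # with the same server_name is used to redirect everything to HTTPS.
    listen 80;
    # Author's note: this was the line that caused trouble; HTTPS did not
    # take effect at first. Also check that the ECS security group allows
    # inbound traffic on port 443.
    listen 443 ssl http2;
    server_name a.fkiwi.com;
    root /www/www/xxx/public;

    # Relative paths are resolved against the nginx configuration directory.
    # Keep the private key readable only by the account that starts nginx
    # (for example mode 600) and never place it under the web root.
    ssl_certificate cert/3039928_xxx.com.pem;
    ssl_certificate_key cert/3039928_xxx.com.key;
    ssl_session_timeout 5m;

    # Forward-secret ECDHE key exchange with AEAD ciphers only. The previous
    # list ended in broad aliases (ECDH:AES:HIGH) that also admit CBC-mode and
    # static-RSA suites. Widen it only if a client you must support fails the
    # handshake.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered.
    # The TLSv1.3 parameter needs nginx 1.13.0+ built against OpenSSL 1.1.1+;
    # on an older build keep only TLSv1.2 here.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    # ... (about 100 further lines omitted in the original note)
}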
重启nginx
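# Check the configuration first; send the reload signal only if it parses,
# so a typo in nginx.conf is reported instead of being applied.
nginx -t && nginx -s reload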
或
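# A restart stops the running server before starting it again, so validate
# the configuration first: with a broken config nginx would not come back up.
nginx -t && systemctl restart nginx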
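根据需要强制跳转到https (此时要去掉上面server块里的listen 80, 否则两个server块在80端口上server_name相同, nginx会提示conflicting server name并忽略后定义的那个, 跳转不会生效)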
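# Port-80 virtual host whose only job is to send visitors to HTTPS.
server {
    listen 80;
    server_name a.fkiwi.com;
    # "return" is the idiomatic way to redirect a whole host and avoids
    # running a regex on every request. The target host is taken from the
    # configured server_name, not from the client-supplied Host header, and
    # $request_uri carries the original path and query string.
    return 301 https://$server_name$request_uri;
}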