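Installing and configuring an Alibaba Cloud SSL certificate

Search for SSL certificates on Alibaba Cloud, purchase one, submit the application, and wait 10 minutes for review.

Console -> SSL Certificates console -> download the nginx certificate -> upload it to the server

Edit the nginx.conf configuration file

Notes:

  1. In the nginx configuration, make sure the server listens on port 443 (listen 443)
  2. Check that the ECS server's security group policy allows port 443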
server {
  listen 80;
  listen 443 ssl http2; # when I first configured this line, it never took effect

  server_name  a.fkiwi.com;
  root    /www/www/xxx/public;

    ssl_certificate  cert/3039928_xxx.com.pem;
    ssl_certificate_key cert/3039928_xxx.com.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); TLSv1.3 requires nginx 1.13.0+ with OpenSSL 1.1.1+
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    # ... 100 lines omitted

}

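Restart nginx
nginx -t
nginx -s reload
or
systemctl restart nginx

Force a redirect to HTTPS if needed (in that case remove listen 80 from the server block above, otherwise nginx warns about a conflicting server name on port 80 and ignores the later block)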

server {
   listen 80;
   server_name a.fkiwi.com;
   rewrite ^(.*) https://$server_name$1 permanent;
}
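
The checks from the notes above can be run against a config before reloading. This is an added example, not part of the original post: parse_servers, lint and SAMPLE are hypothetical names, SAMPLE is a constructed config modelled on the two server blocks above, and the parser assumes flat server blocks without nested location blocks.

```python
import re
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996
# Constructed sample modelled on the two server blocks on this page.
SAMPLE = """server {
  listen 80;
  listen 443 ssl http2;  # TLS listener
  server_name a.fkiwi.com;
  ssl_certificate cert/3039928_xxx.com.pem;
  ssl_certificate_key cert/3039928_xxx.com.key;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
server {
  listen 80;
  server_name a.fkiwi.com;
  rewrite ^(.*) https://$server_name$1 permanent;
}
"""

def parse_servers(conf):
    """One {directive: [args, ...]} dict per flat server block (no nested braces)."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments before splitting on ';'
    servers = []
    for body in re.findall(r"\bserver\s*\{([^{}]*)\}", conf):
        d = {}
        for stmt in body.split(";"):
            words = stmt.split()
            if words:
                d.setdefault(words[0], []).append(words[1:])
        servers.append(d)
    return servers

def lint(conf):
    """Return (block_number, message) findings for the TLS and port checks."""
    findings, seen80 = [], set()
    for n, d in enumerate(parse_servers(conf), 1):
        # Map each listen port ("443", "[::]:443" -> "443") to its argument list.
        ports = {a[0].rsplit(":", 1)[-1]: a for a in d.get("listen", []) if a}
        if "443" in ports:
            if "ssl" not in ports["443"]:
                findings.append((n, "listen 443 lacks the ssl parameter"))
            findings += [(n, f"missing {k}") for k in
                         ("ssl_certificate", "ssl_certificate_key") if k not in d]
            old = [p for args in d.get("ssl_protocols", []) for p in args if p in DEPRECATED]
            if old:
                findings.append((n, "deprecated protocols: " + " ".join(old)))
        if "80" in ports:
            for name in d.get("server_name", [[]])[0]:
                if name in seen80:  # nginx keeps the first block and ignores this one
                    findings.append((n, f"port 80 for {name} already claimed by an earlier block"))
                seen80.add(name)
    return findings
```

Calling lint(SAMPLE) reports the deprecated protocols in block 1 and the duplicate port 80 claim in block 2; an empty list means the checked items are in order.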