Linux 添加HTTPS证书

之前的文章是linux 做反向代理!
现在继续添加证书。

cd /etc/nginx/conf.d

输入rz 回车上传证书文件
9358.com.crt
9358.com.key

需要编辑两个文件
vi 9358.conf

server{
        listen 80;
        server_name 9358.com;
        #做301将http跳转到https
        return    301 https://$server_name$request_uri;
}


server {
        listen 443 ssl;
        server_name 9358.com;
        root   html;
        ssl on;
        ssl_certificate /etc/nginx/conf.d/9358.com.crt;
        ssl_certificate_key /etc/nginx/conf.d/9358.com.key;
        ssl_session_timeout 5m;
        ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
        ssl_prefer_server_ciphers on;

    location / {

                proxy_pass  http://9358.com;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host      $host;
                proxy_set_header X-Forwarded-Proto https;
                proxy_redirect off;
#Proxy Settings

     proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

     proxy_max_temp_file_size 0;

     proxy_connect_timeout      90;

     proxy_send_timeout         90;

     proxy_read_timeout         90;

     proxy_buffer_size          4k;

     proxy_buffers              4 32k;

     proxy_busy_buffers_size    64k;

     proxy_temp_file_write_size 64k;

}

#添加dns到/etc/resolv.conf 或者是/etc/hosts,让其能够解析到IP。具体步骤如下:
#vim /etc/hosts
#修改hosts文件,在hosts文件里面加上一句

#127.0.0.1  localhost.localdomain  x.fleaphp.net
    access_log  /var/log/nginx/9358.com.access.log  main;
    error_log   /var/log/nginx/9358.com.error.log warn;
}

vi www.9358.conf

配置如上,只是添加了www一项。

server{
        listen 80;
        server_name www.9358.com;
        #做301将http跳转到https
        return    301 https://$server_name$request_uri;
}
server {
        listen 443 ssl;
        server_name www.9358.com;
        root   html;
        ssl on;
        ssl_certificate /etc/nginx/conf.d/9358.com.crt;
        ssl_certificate_key /etc/nginx/conf.d/9358.com.key;
        ssl_session_timeout 5m;
        ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
        ssl_prefer_server_ciphers on;

    location / {

                proxy_pass  http://www.9358.com;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host      $host;
                proxy_set_header X-Forwarded-Proto https;
                proxy_redirect off;
     #Proxy Settings

     proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

     proxy_max_temp_file_size 0;

     proxy_connect_timeout      90;

     proxy_send_timeout         90;

     proxy_read_timeout         90;

     proxy_buffer_size          4k;

     proxy_buffers              4 32k;

     proxy_busy_buffers_size    64k;

     proxy_temp_file_write_size 64k;

}


#添加dns到/etc/resolv.conf 或者是/etc/hosts,让其能够解析到IP。具体步骤如下:
#vim /etc/hosts
#修改hosts文件,在hosts文件里面加上一句

#127.0.0.1  localhost.localdomain  x.fleaphp.net
    access_log  /var/log/nginx/www.9358.com.access.log  main;
    error_log   /var/log/nginx/www.9358.com.error.log warn;
}

保存即可,
查看vi /etc/hosts 是否配置了这两条域名。
有重启 service nginx restart即可

你可能感兴趣的:(Linux)