nginx配置https

单个域名SSL证书

server {
    listen              80;
    listen              443 ssl;
    server_name         www.example.com;
    
    ssl_certificate     www.example.com.crt;
    ssl_certificate_key www.example.com.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    # url重写，使用https
    if ($ssl_protocol = "") {
        rewrite ^ https://$server_name$request_uri? permanent;
    }
}

具有多个域名的SSL证书

最好将带有多个名称的证书文件及其私钥文件放在配置的http级别，以在所有服务器中继承其单个内存副本

ssl_certificate     common.crt;
ssl_certificate_key common.key;

server {
    listen          443 ssl;
    server_name     www.example.com;
    ...
}

server {
    listen          443 ssl;
    server_name     www.example.org;
    ...
}