Nginx配置https证书

证书配置

server {
    # 域名
    server_name xxx.xxx.com;

    # 日志
    access_log  /home/admin/logs/ichater/nginx_access.log;
    error_log   /home/admin/logs/ichater/nginx_error.log;

    ###https证书配置开始###
    listen 443 ssl;
    ssl on;
    ssl_certificate      /home/admin/develop/nginx/cert/243643646325335.pem;
    ssl_certificate_key  /home/admin/develop/nginx/cert/243643646325335.key;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers  on; # individual nginx logs for this web vhost
    ssl_stapling on;
    ssl_stapling_verify on;
    ###https证书配置结束###
}

配置http重定向https

主要是配置一个server，建议单独一个conf文件来配置。

server {
    listen       80;
    server_name  xxx.xxx.com www.xxx.xxx.com;
    rewrite ^(.*) https://$host$1 permanent;
}