nginx 不変原配置支持ssl

现环境：centos 下用yum安装的nginx

• 创建放证书的目录：mkdir -p /etc/nginx/certs
• 把证书文件放到 /etx/nginx/certs 目录下

在/etc/nginx/conf.d/ 目录下创建 ssl.conf 文件

server {
    listen  443;
    server_name  _;
    ssl                  on;
    ssl_certificate     /etc/nginx/certs/xxxx.crt;#配置证书位置
    ssl_certificate_key /etc/nginx/certs/xxxx.key;#配置秘钥位置

    ssl_session_timeout  5m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers AES128+EECDH:AES128+EDH;
    ssl_session_cache shared:SSL:10m;
    ssl_prefer_server_ciphers   on;
    underscores_in_headers on;

    location / {
        proxy_pass http://127.0.0.1;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_redirect off;
    }
}

重启nginx

这样可以在不动原配置情况让网站支持ssl