Adding an SSL certificate to nginx on Ubuntu

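When a project needs to be reached over HTTPS, the server must be configured with an SSL certificate for the site. Browsers can then access the site or its API endpoints over HTTPS.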

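The SSL certificate has to be requested from a provider and downloaded to your own computer, then uploaded from your computer to the server. Alibaba Cloud and Tencent Cloud generally both offer free SSL certificates of this kind. Many other platforms issue them as well; only these two are mentioned here, and the others are left for you to look into.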

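Our environment uses nginx, so we edit the nginx configuration directly, usually the site's own nginx configuration file. Here every site has its own configuration file. Open it and, with the site already working over HTTP, add the SSL configuration below. Remember to restart nginx after the change so that it takes effect.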

Put the SSL certificate under /usr/local on the server: create a cert folder in that directory and place the certificate files in it.

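listen 443 ssl;
# The IPv6 listener needs "ssl" as well; without it port 443 answers in plain HTTP over IPv6
listen [::]:443 ssl;
ssl_certificate /usr/local/cert/6751199_mgj.nyw.com.pem;
ssl_certificate_key /usr/local/cert/6751199_mgj.nyw.com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
# TLSv1 and TLSv1.1 are deprecated (RFC 8996); add TLSv1.3 on nginx 1.13+ built with OpenSSL 1.1.1+
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;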

The complete configuration file is as follows:

server {
	listen 80;
	listen [::]:80;

	# SSL configuration
	#
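	listen 443 ssl;
	# The IPv6 listener needs "ssl" as well; without it port 443 answers in plain HTTP over IPv6
	listen [::]:443 ssl;
	ssl_certificate /usr/local/cert/6751199_mgj.nyw.com.pem;
	ssl_certificate_key /usr/local/cert/6751199_mgj.nyw.com.key;
	ssl_session_cache shared:SSL:1m;
	ssl_session_timeout 5m;
	# TLSv1 and TLSv1.1 are deprecated (RFC 8996); add TLSv1.3 on nginx 1.13+ built with OpenSSL 1.1.1+
	ssl_protocols TLSv1.2;
	ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
	ssl_prefer_server_ciphers on;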

	root /var/www/mgj.nyw.com;

	# Add index.php to the list if you are using PHP
	index index.html index.htm index.nginx-debian.html index.php;

	server_name mgj.nyw.com;

	location / {
		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
		try_files $uri $uri/ =404;
		if (!-e $request_filename) {
			rewrite ^(.*)$ /index.php?s=$1 last;
			break;
		}
	}

	# pass PHP scripts to FastCGI server
	
	location ~ \.php$ {
		include snippets/fastcgi-php.conf;
		# With php-fpm (or other unix sockets):
		fastcgi_pass unix:/run/php/php7.0-fpm.sock;
		# With php-cgi (or other tcp sockets):
		#fastcgi_pass 127.0.0.1:9000;
	}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	#location ~ /\.ht {
	#	deny all;
	#}



}
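
A small check for two mistakes that are easy to make in a server block like the one above: a `listen` on port 443 without the `ssl` parameter, and deprecated versions in `ssl_protocols`. This is an added example, not part of the original post; the sample configuration is constructed, the function names are hypothetical, and it assumes TLS is enabled per `listen` line rather than with the legacy `ssl on;` directive.

```python
import re

# Protocol versions deprecated by RFC 8996 (plus the older SSL versions).
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample input: a server block containing both mistakes.
SAMPLE_CONF = """
server {
    listen 80;
    listen 443 ssl;
    listen [::]:443;
    ssl_certificate /usr/local/cert/example.pem;
    ssl_certificate_key /usr/local/cert/example.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # listen 8443;
}
"""

def directives(conf):
    """Yield (line_number, name, args) for each simple 'name args;' directive."""
    for number, raw in enumerate(conf.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        match = re.match(r"^([a-z_]+)\s+([^;{]*);", line)
        if match:
            yield number, match.group(1), match.group(2).split()

def lint_tls(conf):
    """Return a list of (line_number, message) findings for a server block."""
    findings = []
    for number, name, args in directives(conf):
        if name == "listen" and args:
            # The port is whatever follows the last colon: "443" or "[::]:443".
            port = args[0].rsplit(":", 1)[-1]
            if port == "443" and "ssl" not in args[1:]:
                findings.append((number, f"listen {args[0]} has no 'ssl' parameter"))
        elif name == "ssl_protocols":
            weak = sorted(DEPRECATED.intersection(args))
            if weak:
                findings.append((number, "deprecated protocols: " + " ".join(weak)))
    return findings

if __name__ == "__main__":
    for number, message in lint_tls(SAMPLE_CONF):
        print(f"line {number}: {message}")
```

Run it against the site's configuration file before restarting nginx, alongside `nginx -t`, which checks syntax but does not flag either of these.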
