1、上aliyun.com 申请免费ssl证书, 登录aliyun后搜索 “ca证书” , 申请使用“文件验证”,把文件传到服务器指定目录上,验证即可。
2、然后下载证书, 解压后传到服务器上, 在nginx根目录下建cert文件夹, 然后把证书文件和key 放在cert文件夹下。
3、在nginx/conf/vhosts下建立 server配置文件, 域名ssl.conf
------------------------------------------------------------------------------------
server {
listen 443 ssl;
server_name xxx.xxx.net;
ssl_certificate /usr/local/nginx/cert/xxxxxxxxxxxxxxxxxx.pem;
ssl_certificate_key /usr/local/nginx/cert/xxxxxxxxxxxxxxxxxxxxxxxxxxx.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:5001;
}
}
-----------------------------------------------------------------------
4、再建一个条状http请求的配置, 域名.conf
----------------------------------------------------------------------
server {
listen 80;
server_name xxxx.xxx.net;
location / {
rewrite ^http://xxx.xxx.net/(.*)$ https://xxx.xxx.net/$1 permanent;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
---------------------------------------------------------------------
5、重启nginx , ./sbin/nginx -s reload