具体参见nginx的md文档
1、申请阿里云免费证
2、然后上传到nginx [root@nginx ~]# cd /etc/nginx/ && mkdir cert
3、[root@nginx ~]# unzip 2447549_www.testpm.cn_nginx.zip
4、[root@nginx ~]# ls
2447549_www.testpm.cn.key 2447549_www.testpm.cn_nginx.zip 2447549_www.testpm.cn.pem
[root@nginx ~]# cp 2447549_www.testpm.cn* /etc/nginx/cert/
5、证书配置
[root@nginx ~]# cd /etc/nginx/conf.d/
[root@nginx conf.d]# mv default.conf nginx_ssl.conf
[root@nginx conf.d]# vim nginx_ssl.conf
[root@nginx conf.d]# cat /etc/nginx/conf.d/nginx_ssl.conf
server {
listen 443 ssl;
server_name www.testpm.cn;
access_log /var/log/nginx/https_access.log main;
#ssl on;
ssl_certificate /etc/nginx/cert/2447549_www.testpm.cn.pem;
ssl_certificate_key /etc/nginx/cert/2447549_www.testpm.cn.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
}
