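Without the BaoTa panel
- Apply for a certificate (my example here uses one issued through Alibaba Cloud)
- Location of the configuration file
Usually in
/usr/local/nginx/conf/vhost or /www/server/nginx/conf or /www/server/panel/vhost/nginx
or
- The file contains the certificate path; just replace it. The configuration for a main domain and for a subdomain seems to differ somewhat.
Taking wx.youjia66.com as an example, the configuration is as follows: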
```nginx
server {
    listen 443 ssl;
    client_header_timeout 30s;
    deny 100.100.0.31;
    server_name wx.youjia66.com;
    root /site/weiqin;

    # "ssl on;" dropped: deprecated since nginx 1.15.0 and redundant with "listen 443 ssl"
    # Certificate path
    ssl_certificate /etc/nginx/cert/youjia.com/youjia66.com.pem;
    ssl_certificate_key /etc/nginx/cert/youjia.com/youjia66.com.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients need them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    access_log /var/log/nginx/access_wx.youjia.com.log main;
    error_log /var/log/nginx/error_wx.youjia.com.cn.log;

    index index.php index.html index.htm;
    fastcgi_intercept_errors on;
    error_page 404 /public/error.html;
    client_max_body_size 10m;

    location / {
        index index.php index.html;
        if (!-e $request_filename) {
            rewrite ^(.*)$ /index.php?s=$1 last;
            break;
        }
    }

    # Never serve VCS data, logs or certificate files
    location ~ .*\.(svn|git|log|pem) {
        return 404;
    }

    add_header X-Frame-Options SAMEORIGIN;

    location ~ \.php {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ ^/(static|data|upload|images|javascript|js|css|flash|media)/ {
        expires 30d;
    }

    location ~ ^/(application|system|captcha|session)/ {
        deny all;
        return 404;
    }

    location ~.*\.(js|css|png|jpg)$ {
        expires 3d;
    }

    location ~ /\.ht {
        deny all;
    }
}

# Redirect plain HTTP to HTTPS
server {
    listen 80;
    server_name wx.youjia66.com;
    rewrite ^(.*)$ https://$host$1 permanent;
}
```
Taking www.dian68.net as an example, the configuration is as follows:
```nginx
server {
    listen 443 ssl default_server;

    # Send the bare domain to the www host
    if ($http_host = dian68.net) {
        rewrite ^(.*)$ https://www.dian68.net$1 permanent;
    }

    client_header_timeout 30s;
    deny 100.100.0.31;
    server_name dian68.net www.dian68.net;
    root /site/weiqin;

    # "ssl on;" dropped: deprecated since nginx 1.15.0 and redundant with "listen 443 ssl"
    ssl_certificate /etc/nginx/cert/dian68.net/dian68.net.pem;
    ssl_certificate_key /etc/nginx/cert/dian68.net/dian68.net.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients need them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    access_log /var/log/nginx/access_www.dian68.net.log main;
    error_log /var/log/nginx/error_www.dian68.net.log;

    index index.php index.html index.htm;
    fastcgi_intercept_errors on;
    error_page 404 /public/error.html;
    client_max_body_size 10m;

    location / {
        index index.php index.html;
        if (!-e $request_filename) {
            rewrite ^(.*)$ /index.php?s=$1 last;
            break;
        }
    }

    # Never serve VCS data, logs or certificate files
    location ~ .*\.(svn|git|log|pem) {
        return 404;
    }

    add_header X-Frame-Options SAMEORIGIN;

    location ~ \.php {
        fastcgi_pass 127.0.0.1:9000;
        # fastcgi_pass unix:/var/run/php-fpm/php72-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        proxy_cache cache_one;
    }

    location ~ ^/(static|data|upload|images|javascript|js|css|flash|media)/ {
        expires 30d;
    }

    location ~ ^/(application|system|captcha|session)/ {
        deny all;
        return 404;
    }

    location ~.*\.(js|css|png|jpg)$ {
        expires 3d;
    }

    location ~ /\.ht {
        deny all;
    }
}

# Plain HTTP: redirect the known host names to HTTPS, refuse everything else
server {
    listen 80 default_server;
    server_name dian68.net www.dian68.net;

    if ($http_host = dian68.net) {
        rewrite ^(.*)$ https://www.dian68.net$1 permanent;
    }
    if ($http_host = www.dian68.net) {
        rewrite ^(.*)$ https://www.dian68.net$1 permanent;
    }

    return 403;
    #rewrite ^(.*)$ https://$host$1 permanent;
}
```
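Note
After changing the certificate you must reload the nginx configuration, otherwise the change will not take effect (I fell into a big pit here before: the client came to me asking why nothing had changed).
On the server, run the following commands in order to reload the nginx configuration:

```bash
nginx -t
nginx -s reload
```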
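One way to confirm that the reload really took effect, as an added example that is not part of the original post: it runs the two commands above and then compares the SHA-256 fingerprint of the certificate file on disk with the certificate nginx actually serves for the host name. The function names are hypothetical; the path and host name are the ones from the wx.youjia66.com configuration above.

```python
import hashlib
import re
import socket
import ssl
import subprocess

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def leaf_fingerprint(pem_text):
    """SHA-256 of the first certificate in a PEM bundle (the leaf; the CA chain follows it)."""
    match = PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no certificate block found")
    der = ssl.PEM_cert_to_DER_cert(match.group(0))
    return hashlib.sha256(der).hexdigest()

def fetch_served_pem(host, port=443):
    """Return the leaf certificate currently served for `host` (SNI is sent)."""
    ctx = ssl.create_default_context()
    # No trust decision is made here: the result is only compared with the file on disk.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))

def reload_nginx(run=subprocess.run):
    """Run nginx -t, then nginx -s reload; a failed syntax test aborts before the reload."""
    run(["nginx", "-t"], check=True)
    run(["nginx", "-s", "reload"], check=True)

def cert_is_live(cert_path, host, port=443, fetch=fetch_served_pem):
    """True when the certificate served for `host` is the one stored at cert_path."""
    with open(cert_path, encoding="ascii") as fh:
        on_disk = leaf_fingerprint(fh.read())
    return on_disk == leaf_fingerprint(fetch(host, port))

if __name__ == "__main__":
    reload_nginx()
    ok = cert_is_live("/etc/nginx/cert/youjia.com/youjia66.com.pem", "wx.youjia66.com")
    print("new certificate is being served" if ok else "old certificate is still being served")
```

Run it on the server as a user allowed to signal nginx; a mismatch after the reload means the edited file is not the one referenced by the active `ssl_certificate` directive.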
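With the BaoTa panel
With BaoTa it is much simpler: just apply for the certificate and deploy it directly.
Note: although it is simple, I still recommend using an Alibaba Cloud SSL certificate. BaoTa's certificates always seem to have all kinds of unknown problems, and some places apparently do not accept BaoTa's SSL certificates. I ran into this before during mini-program development: the front end on old Android phones could not call the API. I heard from a colleague that some payment calls apparently cannot be used either. When something goes wrong, you are left wanting to cry with no tears.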