纸帆|ZevenFang

我们终其一生寻找的无非是那个甘愿为你停下脚步,为你驻足的人。


Nginx 配置 SSL 虚拟主机

直接上代码,server 配置如下,同时支持 http 和 https 访问:

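# Single virtual host that answers on both plain HTTP (port 80) and HTTPS (port 443).
server {
    listen 80 default_server;      # default server for port 80 ("default" is the legacy spelling)
    listen 443 ssl;                # TLS listener
    server_name your.server.name;  # DNS name served by this host

    ssl_certificate     /etc/letsencrypt/live/your.server.name/fullchain.pem;  # certificate chain
    ssl_certificate_key /etc/letsencrypt/live/your.server.name/privkey.pem;    # private key

    ssl_session_timeout 5m;

    # SSLv2 and SSLv3 are broken (DROWN, POODLE) and TLSv1 is deprecated, so only
    # TLS 1.2 and newer are offered. TLSv1.3 needs nginx >= 1.13.0 built against
    # OpenSSL >= 1.1.1; remove that token on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;   # OpenSSL cipher string: strong suites, no anonymous key exchange, no MD5
    ssl_prefer_server_ciphers on;   # the server's cipher order wins over the client's

    # To force HTTPS from this combined block, uncomment the lines below.
    # $server_name is used instead of $host because this block is the default
    # server on port 80, so $host would echo whatever Host header the client sent.
    # if ($server_port != 443) {
    #     return 301 https://$server_name$request_uri;
    # }

    location / {
        root html/your.server.name;  # document root, relative to the nginx prefix
        index index.html index.htm;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}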

另外还可以使用如下配置实现http重定向到https
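# Port 80 listener whose only job is to send every request to the HTTPS site.
server {
    listen 80;
    server_name your.server.name;

    # "return" is the idiomatic redirect: no regex is evaluated, and $request_uri
    # carries the original path and query string unchanged.
    # The target is built from $server_name rather than $host: if this block ends
    # up as the default server for port 80 it also answers requests with other
    # Host headers, and $host would copy that client-supplied value into the
    # Location header. $server_name always yields the name the certificate covers.
    return 301 https://$server_name$request_uri;
}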
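# HTTPS virtual host that the port 80 redirect points to.
server {
    # The "ssl" flag on listen replaces the standalone "ssl on;" directive, which
    # was deprecated in nginx 1.15.0 and removed in 1.25.1.
    listen 443 ssl;
    server_name your.server.name;

    ssl_certificate     /etc/letsencrypt/live/your.server.name/fullchain.pem;  # certificate chain
    ssl_certificate_key /etc/letsencrypt/live/your.server.name/privkey.pem;    # private key
    ssl_session_timeout 5m;

    # SSLv2 and SSLv3 are broken (DROWN, POODLE) and TLSv1 is deprecated, so only
    # TLS 1.2 and newer are offered. TLSv1.3 needs nginx >= 1.13.0 built against
    # OpenSSL >= 1.1.1; remove that token on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;   # OpenSSL cipher string: strong suites, no anonymous key exchange, no MD5
    ssl_prefer_server_ciphers on;   # the server's cipher order wins over the client's

    # NOTE(review): once the site works entirely over HTTPS, consider sending a
    # Strict-Transport-Security response header from this block so browsers stop
    # attempting plain HTTP first.

    location / {
        root html/your.server.name;  # document root, relative to the nginx prefix
        index index.html index.htm;
    }
}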