直接上代码,server 配置如下,同时支持 http 和 https 访问:1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27server {
listen 80 default; # 配置默认端口
listen 443 ssl; # 配置 ssl 端口
server_name your.server.name; # 配置解析域名
ssl_certificate /etc/letsencrypt/live/your.server.name/fullchain.pem; # 证书位置
ssl_certificate_key /etc/letsencrypt/live/your.server.name/privkey.pem; # 私钥位置
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1; # 指定密码为openssl支持的格式
ssl_ciphers HIGH:!aNULL:!MD5; # 密码加密方式
ssl_prefer_server_ciphers on; # 依赖SSLv3和TLSv1协议的服务器密码将优先于客户端密码
# if ($server_port != 443) { # 通过判断端口,强制访问https
# rewrite (.*) https://$host$1 permanent;
# }
location / {
root html/your.server.name; # 根目录的相对位置
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
另外还可以使用如下配置实现http重定向到https1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28server {
listen 80;
server_name your.server.name;
#rewrite ^(.*) https://$server_name$1 permanent;
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen 443; # 监听端口为443
server_name your.server.name;
ssl on; # 开启ssl
ssl_certificate /etc/letsencrypt/live/your.server.name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your.server.name/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html/your.server.name;
index index.html index.htm;
}
}