参考: https://cloud.tencent.com/document/product/400/35244
环境
| ~$ nginx -v
nginx version: nginx/1.18.0 (Ubuntu)
|
申请 SSL 证书
腾讯云
下载 Nginx 服务器类型
解压后将证书和私钥发送到服务器(私钥属于敏感文件:上传后应限制为仅 root 可读,例如权限 600,并确认存放目录不在任何站点的 root 之下)
| scp {chenjinxin.cn_bundle.crt,chenjinxin.cn.key} root@changxiangyu.cn:/usr/share/nginx/
|
编辑服务器 Nginx 配置文件 /etc/nginx/nginx.conf
| user www-data;  # account the worker processes run as
# Let nginx pick the worker count automatically (one per detected CPU core).
worker_processes auto;
# File in which the master process records its PID.
pid /run/nginx.pid;
# Pull in every module configuration snippet found in modules-enabled/.
include /etc/nginx/modules-enabled/*.conf;
# Connection-processing settings.
events {
# Upper bound on simultaneous connections handled by one worker process.
worker_connections 768;
# multi_accept on;
}
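# HTTP/HTTPS configuration: two TLS-enabled static sites (changxiangyu.cn and
# chenjinxin.cn), each paired with a port-80 server that redirects to HTTPS,
# followed by the distribution's stock http-level defaults and includes.
http {
    # changxiangyu.cn
    server {
        listen 80;
        listen [::]:80;
        server_name changxiangyu.cn www.changxiangyu.cn;
        # Redirect every plain-HTTP request for this domain to HTTPS.
        return 301 https://$host$request_uri;
        #location / {
        # root /home/sammy/blog/public;
        #}
        #location /images {
        # root /home/sammy/data/;
        # autoindex on;
        #}
    }
    server {
        listen 443 ssl;
        # Accept HTTPS over IPv6 as well: the port-80 server above listens on
        # [::]:80 and redirects here, so IPv6 clients need a matching listener.
        listen [::]:443 ssl;
        # The .key file is the site's private key; it should be owned by root
        # and not readable by other users (the nginx master process reads it as
        # root before workers drop to www-data), and must not sit under any
        # served root.
        ssl_certificate /usr/share/nginx/changxiangyu.cn_bundle.crt;
        ssl_certificate_key /usr/share/nginx/changxiangyu.cn.key;
        ssl_session_timeout 5m;
        # Cipher suites, written in OpenSSL cipher-list syntax.
        # NOTE(review): the broad `AES` and `HIGH` keywords also admit suites
        # without forward secrecy (static RSA key exchange) and CBC-mode suites;
        # consider narrowing the list to ECDHE AEAD suites. This directive only
        # governs TLS 1.2; TLS 1.3 suites are not selected by ssl_ciphers.
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        # Protocol versions offered by this server.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        server_name changxiangyu.cn www.changxiangyu.cn;
        # Optional hardening, left disabled because HSTS is hard to undo once
        # browsers have cached it; enable only when HTTPS will stay available.
        # add_header Strict-Transport-Security "max-age=31536000" always;
        location / {
            root /home/sammy/blog/public;
        }
        location /images {
            root /home/sammy/data/;
            # NOTE(review): autoindex publishes a listing of every file under
            # /home/sammy/data/images/; turn it off unless public browsing of
            # that directory is intended.
            autoindex on;
        }
    }
    # chenjinxin.cn
    server {
        listen 80;
        listen [::]:80;
        server_name chenjinxin.cn www.chenjinxin.cn;
        # Redirect every plain-HTTP request for this domain to HTTPS.
        return 301 https://$host$request_uri;
    }
    server {
        listen 443 ssl;
        # Accept HTTPS over IPv6 as well, matching the [::]:80 redirect server.
        listen [::]:443 ssl;
        # Private key: keep it owned by root, unreadable by other users, and
        # outside any served root.
        ssl_certificate /usr/share/nginx/chenjinxin.cn_bundle.crt;
        ssl_certificate_key /usr/share/nginx/chenjinxin.cn.key;
        ssl_session_timeout 5m;
        # Cipher suites, written in OpenSSL cipher-list syntax.
        # NOTE(review): `AES` and `HIGH` also admit non-forward-secret and
        # CBC-mode suites; consider narrowing to ECDHE AEAD suites (TLS 1.2 only;
        # TLS 1.3 suites are not selected by ssl_ciphers).
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        # Protocol versions offered by this server.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        server_name chenjinxin.cn www.chenjinxin.cn;
        # Optional hardening, left disabled because HSTS is hard to undo once
        # browsers have cached it; enable only when HTTPS will stay available.
        # add_header Strict-Transport-Security "max-age=31536000" always;
        location / {
            root /home/sammy/cjx_blog/public;
        }
        location /images {
            root /home/sammy/data/;
            # NOTE(review): autoindex publishes a listing of every file under
            # /home/sammy/data/images/; turn it off unless public browsing of
            # that directory is intended.
            autoindex on;
        }
    }
    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # Do not advertise the exact nginx version in the Server header and on
    # built-in error pages.
    server_tokens off;
    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    ##
    # SSL Settings
    ##
    # http-level default, inherited by any server block (including ones pulled
    # in by the includes below) that does not set ssl_protocols itself.
    # SSLv3 is excluded (POODLE); TLS 1.0 and 1.1 are excluded as well because
    # they are deprecated (RFC 8996), which also matches the per-server setting
    # used above.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ##
    # Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    ##
    # Gzip Settings
    ##
    gzip on;
    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
    ##
    # Virtual Host Configs
    ##
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}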
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
|
验证配置文件问题
| sudo /usr/sbin/nginx -t
|
重载 Nginx
| sudo /usr/sbin/nginx -s reload
|
成功后即可使用 chenjinxin.cn 进行访问