nginx导入https证书

Posted 2022-03-10 wx5996893767bc8

nginx导入https证书

如果给的文件不是key 和pem按照下面的连接转换

​​https://blog.csdn.net/mnicsm/article/details/89421906​​

1.切换到nginx目录

cd /speedec/server/nginx/

2.创建一个存放证书的文件夹（名字随意）

mkdir sslkey

cd   sslkey

3.上传证书到创建的目录下

rz  server.pem

rz  _.tyut.edu.cn.key

mv _.tyut.edu.cn.key  tyut.key  --如果名字复杂自己可以改一个

4.防火墙添加443端口

firewall-cmd --zone=public --add-port=443/tcp --permanent

5.重新加载防火墙配置

firewall-cmd --reload

6.配置NGINX监听和证书路径

vi /speedec/server/nginx/conf/localhost.conf

#配置如下

server 

listen        443 ssl;

server_name localhost;   --这里改成域名

proxy_set_header        Host            $host;

proxy_set_header        X-Real-IP       $remote_addr;

proxy_set_header        X-Forwarded-For  $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto  $scheme;

proxy_set_header X-Forwarded-Port $server_port;

ssl_certificate    /speedec/server/nginx/sslkey/server.pem;  # 根据实际情况修改对应证书的路径

ssl_certificate_key  /speedec/server/nginx/sslkey/tyut.key; # 根据实际情况修改对应证书的路径

ssl_session_timeout     5m;

ssl_protocols   TLSv1 TLSv1.1 TLSv1.2;

ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;

ssl_prefer_server_ciphers       on;

ssl_verify_client off;

location / 

root   html;

index  index.html index.htm;

location /sfw/ 

proxy_pass http://127.0.0.1:9099/sfw/;

location /sfw_cms/ 

proxy_pass http://127.0.0.1:6099/sfw_cms/;

location /sfw2/ 

proxy_pass http://127.0.0.1:7099/sfw2/;

error_page   500 502 503 504  /50x.html;

location = /50x.html 

root   html;

7.重新加载nginx

/speedec/server/nginx/nginx  -s reload

8.页面访问https

​​https://scu.edu.cn/sfw/​​

9.这个是加强制跳转https 添加到80端口的server 下面

if ($scheme = http ) 

return 301 https://$server_name$request_uri;