Adding SSL to a blog deployed on an Alibaba Cloud server

I. Method

https://help.aliyun.com/document_detail/98728.html?spm=0.2020520163.help.dexternal.45d3Acq0Acq0PO

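II. Steps

Install the certificate on a standalone Nginx server
Log in to the Nginx server.
Run the following commands to create a directory for the certificate under the Nginx installation directory (default: /usr/local/nginx/conf).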

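cd /usr/local/nginx/conf  # Enter the default Nginx installation directory. If you changed the default installation directory, adjust this to match your setup.
mkdir cert  # Create the certificate directory, named cert.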

1. The path where NGINX is actually installed:

cd /etc/nginx/
mkdir cert 

2. Upload the certificate file and the private key file to the certificate directory on the Nginx server (/etc/nginx/vhost/cert in this example)

root@iZ94j7ehy5oZ:/etc/nginx/cert# ls -l
total 8
-rw-r--r-- 1 root root 1675 Nov  5 10:51 8747260_www.digtime.cn.key
-rw-r--r-- 1 root root 3813 Nov  5 10:51 8747260_www.digtime.cn.pem
root@iZ94j7ehy5oZ:/etc/nginx/vhost/cert# 

3. Edit the Nginx configuration file (nginx.conf) and change the certificate-related settings.

myblog.conf

root@iZ94j7ehy5oZ:/etc/nginx/vhost# cat myblog.conf 
server {
        listen 443 ssl;

        root /var/www/road2chain/public;
        index index.php  index.html index.htm;

        # Make site accessible from http://localhost/
        server_name myblog.cn www.myblog.cn;

        ssl_certificate cert/8747260_www.myblog.cn.pem;  
        ssl_certificate_key cert/8747260_www.myblog.cn.key; 
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        # Specifies the cipher suites to use.
        ssl_protocols TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

        # ssl-20160924
        # rewrite ^/(.*) https://digtime.cn/$1 permanent;
        # add_header Access-Control-Allow-Origin *;        

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                # handle 405 error
                # if ($request_method = 'OPTIONS') { 
                #  add_header Access-Control-Allow-Origin *; 
                # add_header Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS;
                # return 204; 
                #}

                try_files $uri $uri/ /index.php?$query_string;
                # Uncomment to enable naxsi on this location
                # include /etc/nginx/naxsi.rules
                # 405 error
        }

        location ~ \.php$ {
               try_files $uri /index.php =404;

               fastcgi_split_path_info ^(.+\.php)(/.+)$;

               fastcgi_pass unix:/usr/local/php7.0/var/run/php7.0-fpm.sock;

               fastcgi_index index.php;

               fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

               include fastcgi_params;
         }
}

server {
    listen 80;
    server_name myblog.cn; # Replace yourdomain with the domain name bound to the certificate.
    rewrite ^(.*)$ https://$host$1; # Redirect all HTTP requests to HTTPS with the rewrite directive.
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
               try_files $uri /index.php =404;
               fastcgi_split_path_info ^(.+\.php)(/.+)$;
               fastcgi_pass unix:/usr/local/php7.0/var/run/php7.0-fpm.sock;
               fastcgi_index index.php;
               fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
               include fastcgi_params;
         }
}
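
A hardened variant of the TLS and redirect directives in myblog.conf above, as an added example rather than the author's deployed configuration. It assumes an RSA certificate and nginx 1.13.0 or later built with OpenSSL 1.1.1 or later; the AES256-GCM and CHACHA20 suites and the www name on port 80 are additions not on the page.

```nginx
# Added example: same site, same certificate paths as myblog.conf,
# with the weak settings shown as "Before" comments next to the replacement.

server {
    listen 443 ssl;
    server_name myblog.cn www.myblog.cn;

    ssl_certificate     cert/8747260_www.myblog.cn.pem;
    # The directory listing on the page shows the key as -rw-r--r-- (world-readable).
    # The nginx master process reads it as root, so mode 600 owned by root is enough.
    ssl_certificate_key cert/8747260_www.myblog.cn.key;
    ssl_session_timeout 5m;

    # Before: ssl_protocols TLSv1.1 TLSv1.2;
    # TLS 1.1 is deprecated by RFC 8996 and current browsers no longer negotiate it.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Before: ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4
    # The AES and HIGH keywords also admit RSA-key-exchange (no forward secrecy)
    # and CBC-mode suites. List only ECDHE + AEAD suites for TLS 1.2 instead
    # (assumption: RSA certificate, hence the ECDHE-RSA-* names).
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    # The root, index and location blocks from myblog.conf go here unchanged.
}

server {
    listen 80;
    # Assumption: cover both names the 443 block serves, so www is redirected too.
    server_name myblog.cn www.myblog.cn;

    # Before: rewrite ^(.*)$ https://$host$1;
    # That answers with a temporary 302, and because the rewrite always matches,
    # the location blocks that followed it were never reached.
    return 301 https://$host$request_uri;
}
```

Run nginx -t to validate the file before reloading.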

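Warning: If you are using an Alibaba Cloud ECS server, you must allow ports 80 and 443 on the Security Groups page of the ECS management console; otherwise the site may not be reachable. For how to configure a security group, see "Add a security group rule".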

Restart NGINX

cd /usr/sbin
./nginx -s reload

sudo service nginx restart

Those who act often succeed; those who walk often arrive.