一、在阿里云后台申请免费版证书:
二、在域名解析里面添加记录:
三、提交审核:
四、等待审核通过后,下载nginx证书:
五、按照文档修改nginx配置文件:
https://help.aliyun.com/knowledge_detail/95491.html?spm=a2c4g.11186623.2.12.35e134f1kGVUlT
1、进入本地命令行,将本地的证书文件远程传送到服务器,记得加上端口:
scp -P 8290 ./1652724_www.locusy.top.key root@47.94.208.76:/root/
scp -P 8290 ./1652724_www.locusy.top.pem root@47.94.208.76:/root/
2、在服务器端查看文件是否拷贝成功:
3、在/ect/nginx目录下新建文件夹cert :
mkdir cert
4、将证书文件加到/etc/nginx/cert文件夹下面:
mv 1652724_www.locusy.top.key /etc/nginx/cert/
mv 1652724_www.locusy.top.pem /etc/nginx/cert/
5、服务器端进入nginx配置的目录:
/etc/nginx/conf.d
6、打开www-locusy-top.conf文件,配置如下:
server {
listen 80;
server_name www.locusy.top;
root /www/temp/blog/public/client;
index index.html;
location ~ .*\.(jpg|jpeg|gif|png|ico|css|js|pdf|txt)$ {
root /www/temp/blog/public;
}
rewrite ^(.*)$ https://$host$1 permanent;
# return 301 https://www.locusy.top$request_uri;
} server {
listen 443;
server_name www.locusy.top;
ssl on;
ssl_certificate cert/1652724_www.locusy.top.pem;
ssl_certificate_key cert/1652724_www.locusy.top.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
root /www/temp/blog/public/client;
index index.html;
location ~ .*\.(jpg|jpeg|gif|png|ico|css|js|pdf|txt)$ {
root /www/temp/blog/public;
} # if ($ssl_protocol = "") {
# rewrite ^(.*) https://$host$1 permanent;
# }
}
7、检查nginx配置问题:
nginx -t
8、重启nginx:
nginx -s reload
六:打开网址测试,跳转到https成功: