配置nginx支持Https一定要先使用stop停止nginx然后重新代开不能使用reload
一:安装letsencrypt
1.从git上克隆下来
git clone https://github.com/letsencrypt/letsencrypt.git
2.切换到letsencrypt中
cd letsencrypt/
执行以下的命令(A/C)
./certbot-auto certonly --standalone --email 邮箱 -d 网址
成功后返回结果
二:nginx配置
server {
listen ;
#强制从http跳转到https
server_name 域名;
rewrite ^(.*) https://$server_name$1 permanent;
} server {
#暴露给外部访问的端口
listen ;
ssl on; ssl_certificate /etc/letsencrypt/live/域名/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/域名/privkey.pem; ssl_session_timeout 5m; ssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on; server_name 域名;
charset utf-;
location / {
include uwsgi_params;
#外部访问80就转发到内部8000
uwsgi_pass 127.0.0.1:;
}
}