一、购买下载证书
二、将下载的证书上传到服务器
1、在服务器的 nginx 配置目录(/etc/nginx)下新增文件夹 cert
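# Create the certificate directory under the nginx configuration directory.
cd /etc/nginx/
# -p keeps the step repeatable if the directory already exists.
mkdir -p cert
# The directory will hold the TLS private key: restrict it to its owner (root).
chmod 700 cert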
2、本地证书上传到服务器
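# Run on the local machine. The Chinese segments are placeholders for the local
# certificate path/file, the server address and the nginx directory on the server.
scp 证书地址/证书文件 root@服务器地址:/nginx根目录/cert/
# The .key file is the private key: after the upload, make it readable by root only.
ssh root@服务器地址 'chmod 600 /nginx根目录/cert/*.key'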
三、更改nginx配置文件
# Open the nginx site configuration file for editing.
vim /etc/nginx/conf.d/default.conf
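# HTTP: this server block only redirects to HTTPS.
# A server-level `return` is evaluated before any location is matched, so the
# root/index/location directives the original listed in this block were never
# reached; they are omitted here.
server {
    listen 80;
    listen [::]:80;

    # Placeholder: replace with the site's domain name.
    server_name 域名地址;

    # Redirect HTTP to HTTPS.
    return 301 https://$server_name$request_uri;
}

# HTTPS
server {
    # `listen ... ssl` replaces the `ssl on;` directive, which is obsolete since
    # nginx 1.15.0 and rejected by current releases.
    listen 443 ssl;
    # IPv6 listener, matching the port-80 block that redirects IPv6 clients here.
    listen [::]:443 ssl;

    # Placeholder: replace with the site's domain name.
    server_name 域名地址;

    root /var/www/html;
    index index.php index.html index.htm;

    location / {
        # Try the request as a file, then as a directory, then hand it to
        # index.php with the original query string.
        try_files $uri $uri/ /index.php?$query_string;
    }

    # Pass PHP scripts to the PHP-FPM unix socket.
    location ~ \.php$ {
        try_files $uri /index.php =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # Certificate (.pem) and private key (.key); 证书名称 is a placeholder for
    # the certificate file name. The key file should be readable by root only.
    ssl_certificate     /etc/nginx/cert/证书名称.pem;
    ssl_certificate_key /etc/nginx/cert/证书名称.key;

    # TLS session lifetime.
    ssl_session_timeout 5m;

    # Cipher list kept as in the original. It is broad: the AES and HIGH
    # aliases still admit CBC and non-forward-secret suites, so consider
    # narrowing it to ECDHE AEAD suites once client compatibility is known.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;

    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and no longer offered.
    # Add TLSv1.3 here when running nginx 1.13.0+ built with OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2;

    # Prefer the server's cipher order over the client's.
    ssl_prefer_server_ciphers on;
}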
重启nginx
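# Check the configuration first and restart only if the syntax test passes,
# so a mistake in the edited file does not leave nginx stopped.
nginx -t && service nginx restart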
四、设置安全组
1、阿里云控制台->云服务器ECS->网络与安全->安全组