一、在/etc/nginx/conf.d目录下创建虚拟主机配置文件
server {
listen 80;
server_name www.xx.com xx.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443;
server_name www.xx.com xx.com;
ssl on;
ssl_certificate /www/xx.com/ssl/xx.com-ca-bundle.crt;
ssl_certificate_key /www/xx.com/ssl/xx.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
ssl_prefer_server_ciphers on;
location / {
root /www/xx.com/www/www;
index index.html index.htm;
}
}
二、查看443端口是否打开
firewall-cmd --zone=public --list-ports
三、如果没有打开增加443端口
firewall-cmd --zone=public --add-port=443/tcp --permanent
四、重新载入防火墙
firewall-cmd --reload