DanWin / hosting

This is a setup for a Tor based shared web hosting server
https://danwin1210.de/hosting/
GNU General Public License v3.0

I want to set up SSL for my site #84

Closed infoabcd closed 4 years ago

infoabcd commented 4 years ago

I tried to set nginx.conf but it didn't work. How do I set SSL correctly?

DanWin commented 4 years ago

Best way would be to copy the vhost configuration of the domain you want to set up SSL for to an extra file under /etc/nginx/sites-enabled/ and configure it with listen [::]:443 ssl http2; Then point the ssl_certificate and ssl_certificate_key options to the respective key and certificate chain file. To acquire those, you could for example use https://github.com/Neilpang/acme.sh

infoabcd commented 4 years ago

So how do you set NGINX's pseudo-static?

infoabcd commented 4 years ago

I changed hosted_sites but it didn't seem to work

DanWin commented 4 years ago

The hosted_sites file is regenerated every time a new site is registered. As of now SSL certificates are not yet integrated into the hosting script (issue #82), so you need to copy the relevant host into a new file with the added options and reload nginx to activate it.

infoabcd commented 4 years ago

Well, I did what you said. I copied a site's configuration file in sites-enabled and named it sites. Nginx seems to be invalid after reloading? The following is my configuration file:

```nginx
server {
    listen [::]:80;
    listen [::]:443 ssl http2;
    ssl_certificate /etc/nginx/ssl/ca.crt;
    ssl_certificate_key /etc/nginx/ssl/key.pem;
    root /home/system/www;
    server_name i.ac.cn;
    access_log /var/log/nginx/access_system.log custom buffer=4k flush=1m;
    access_log /home/system/logs/access.log custom buffer=4k flush=1m;
    error_log /var/log/nginx/error_system.log notice;
    error_log /home/system/logs/error.log notice;
    autoindex on;
    location / {
        try_files $uri $uri/ =404;
        location ~ [^/]\.php(/|$) {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/run/php/system;
        }
    }
}
```

DanWin commented 4 years ago

If you have the same server_name also in hosted_sites, try removing the listen [::]:80; part from it, because it will be a duplicate otherwise. Also make sure the certificate and key files are readable by nginx. If the issue persists, check journalctl -f or /var/log/nginx/error.log for any useful error messages.

infoabcd commented 4 years ago

There were no errors reported, but when I looked up port 443 occupancy, I found that only IPv6 was being listened to.

DanWin commented 4 years ago

Add ipv6only=off as a listening option then, like listen [::]:443 ipv6only=off ssl http2;

infoabcd commented 4 years ago

Thanks! I have solved it successfully
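
Added example, not code from this thread or from the DanWin/hosting project: a POSIX shell lint for a hand-written SSL vhost that checks the three causes named in the replies above (an IPv6-only [::]:443 listener, a [::]:80 listener for a server_name that is already in hosted_sites, and certificate or key files that cannot be read). The function names and finding labels are made up for this example, and it assumes one directive per line.

```sh
#!/bin/sh
# Lint a hand-written SSL vhost for the three problems raised in this thread.
# Usage: check_vhost VHOST_FILE [HOSTED_SITES_FILE]
# Prints one finding per line; returns 1 if anything was found, else 0.
# Hypothetical helper names; assumes one nginx directive per line.

# Print the arguments of every occurrence of directive $2 in file $1, one per line.
directive_args() {
    awk -v d="$2" '$1 == d { for (i = 2; i <= NF; i++) { sub(/;$/, "", $i); if ($i != "") print $i } }' "$1"
}

# True if file $1 has a listen line whose address matches the ERE $2.
has_listen() {
    grep -Eq "^[[:space:]]*listen[[:space:]]+($2)([[:space:];]|\$)" "$1"
}

check_vhost() {
    vhost=$1; hosted=${2:-}; rc=0

    # [::]:443 binds IPv6 only unless ipv6only=off is set or an IPv4 listener exists.
    if has_listen "$vhost" '\[::\]:443' &&
       ! grep -E '^[[:space:]]*listen[[:space:]]+\[::\]:443' "$vhost" | grep -q 'ipv6only=off' &&
       ! has_listen "$vhost" '443|\*:443|0\.0\.0\.0:443'; then
        echo "IPV6_ONLY: add ipv6only=off to listen [::]:443"; rc=1
    fi

    # Same server_name in the generated file plus our own [::]:80 is a duplicate.
    if [ -n "$hosted" ] && has_listen "$vhost" '\[::\]:80'; then
        for name in $(directive_args "$vhost" server_name); do
            if directive_args "$hosted" server_name | grep -Fxq -- "$name"; then
                echo "DUPLICATE_80: $name is also in $hosted; drop listen [::]:80 here"; rc=1
            fi
        done
    fi

    # Certificate chain and key must be readable (run this as the user nginx starts as).
    for path in $(directive_args "$vhost" ssl_certificate) \
                $(directive_args "$vhost" ssl_certificate_key); do
        [ -r "$path" ] || { echo "UNREADABLE: $path"; rc=1; }
    done

    return "$rc"
}
```

Call check_vhost with the new vhost file and, optionally, the generated hosted_sites file before reloading nginx; an empty result means none of the three problems was found.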