nginx -V
nginx version: nginx/1.22.1
built by gcc 11.3.1 20221121 (Red Hat 11.3.1-4) (GCC)
built with OpenSSL 3.0.7 1 Nov 2022
TLS SNI support enabled
...
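vim /etc/nginx/nginx.conf ## Look up where nginx reads the per-domain config files; find the following line, which shows /etc/nginx/conf.d/*.conf
# include /etc/nginx/conf.d/*.conf
cd /etc/nginx/conf.d
vim yourDomain.com.conf # named after your domain, here yourDomain.com
The contents are as follows: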
------------------
server {
    listen 80;
    server_name www.yourDomain.com yourDomain.com;
    gzip on;
    gzip_min_length 100;
    gzip_types text/plain text/css application/xml application/javascript;
    gzip_vary on;
    location / {
    }
}
# Enable port 443. Settings for a TLS enabled server.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.yourDomain.com yourDomain.com; ## change to your site's domain name
    root html;
    ssl_certificate "/etc/nginx/conf.d/ssl/yourDomain.com.pem"; ## path to your SSL certificate file; make sure it is correct
    ssl_certificate_key "/etc/nginx/conf.d/ssl/yourDomain.com.key"; ## path to your SSL private key file; make sure it is correct
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1.1 TLSv1.2; ## Adjust the protocols as needed. TLS v1 includes insecure algorithms, so removing TLS v1 is recommended when higher security is required; it has already been removed in this demo, so no change is needed
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf; ## the configuration files nginx will read
    location / {
    }
}
------------------
nginx syntax check
nginx -t ## check the nginx configuration syntax
If it returns a message like the following, containing "no such file" or "test failed":
nginx: [emerg] BIO_new_file(/cert/sslconfigure.pem)
failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/cert/sslconfigure.pem','r')
error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
The message above means the certificate file could not be found, so the file path is probably configured incorrectly.
Correct the path and re-run the check until it passes:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
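The "no such file" failure from nginx -t and the ssl_protocols advice in the config comments can both be checked before a reload. The script below is an added example, not part of the original page; its function names, output labels and sample file names are assumptions, and it also flags a private key readable by group or others and TLSv1.1, which RFC 8996 deprecates together with TLS 1.0.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check of the TLS directives in one nginx server config.
# Print every argument of directive $1 in file $2; comments, quotes and ';' are stripped
# (simplification: a '#' inside a quoted value is treated as the start of a comment).
directive_values() {
    sed 's/#.*$//' "$2" | awk -v d="$1" '
        $1 == d { for (i = 2; i <= NF; i++) { v = $i; gsub(/[";]/, "", v); if (v != "") print v } }'
}

# Print one finding per line; the return status is the number of findings (0 = clean).
check_tls_conf() {
    local conf="$1" findings=0 d p proto paths
    for d in ssl_certificate ssl_certificate_key; do
        paths=$(directive_values "$d" "$conf")
        [ -n "$paths" ] || { echo "MISSING $d is not set"; findings=$((findings + 1)); continue; }
        for p in $paths; do
            if [ ! -r "$p" ]; then   # the condition nginx -t reports as "No such file or directory"
                echo "NOFILE $d $p"; findings=$((findings + 1))
            elif [ "$d" = ssl_certificate_key ] &&
                 [ -n "$(find "$p" -prune \( -perm -040 -o -perm -004 \))" ]; then
                echo "PERMS $p is readable by group or others"; findings=$((findings + 1))
            fi
        done
    done
    for proto in $(directive_values ssl_protocols "$conf"); do
        case $proto in
            SSLv2|SSLv3|TLSv1|TLSv1.1)   # TLS 1.0 and 1.1 are deprecated by RFC 8996
                echo "WEAK ssl_protocols $proto"; findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# Constructed sample in directory $1: certificate present, key file not created yet.
make_sample() {
    : > "$1/site.pem"
    cat > "$1/site.conf" <<EOF
server {
    ssl_certificate "$1/site.pem";
    ssl_certificate_key "$1/site.key";   ## missing on purpose
    ssl_protocols TLSv1.1 TLSv1.2;
}
EOF
    echo "$1/site.conf"
}

# Check the file given as argument; with no argument, run on the constructed sample.
if [ $# -gt 0 ]; then check_tls_conf "$1"; else
    scratch=$(mktemp -d); check_tls_conf "$(make_sample "$scratch")" || true; rm -rf "$scratch"
fi
```

Run it as `bash check_tls.sh /etc/nginx/conf.d/yourDomain.com.conf` (the script file name is an assumption); an exit status of 0 means no findings.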
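Check nginx
The output shows that this nginx is version 1.22.1, and its crypto library is OpenSSL 3.0.7 1 Nov 2022.
Upload the certificate
Upload the downloaded certificate files to the cert directory under the Nginx directory on the server (for example /etc/nginx/conf.d/ssl).
Deploy the certificate on the server
nginx syntax check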
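Reload nginx
Check nginx and the certificate deployment
Verify the deployment
Verify both in the browser and on the server.
Configure HTTP to force a redirect to HTTPS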