1. 问题描述
如何将 SSL 证书上传到 centos 服务器,并使用 nginx 配置后,使其生效?
2. 解决方法
(1)下载已申请好的腾讯云免费 SSL 证书,解压。
(2)上传证书文件到 Linux 云服务器。
1
2
3
| scp /Users/user1/Downloads/tangxdou.com_nginx/tangxdou.com.key root@123.207.205.145:/etc/nginx/ssl
scp /Users/user1/Downloads/tangxdou.com_nginx/tangxdou.com_bundle.crt root@123.207.205.145:/etc/nginx/ssl
|
(3)修改配置文件。
1
| sudo vim /etc/nginx/conf.d/default.conf
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
| server {
listen 80;
server_name tangxdou.com www.tangxdou.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name tangxdou.com www.tangxdou.com;
ssl_certificate /etc/nginx/ssl/tangxdou.com_bundle.crt;
ssl_certificate_key /etc/nginx/ssl/tangxdou.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
access_log /var/log/nginx/example.access.log;
error_log /var/log/nginx/example.error.log;
root /home/git/project/hexo-blog;
index index.html index.htm;
}
|
(4)重载 Nginx 配置。
(5)若证书到期,重复执行(2)(4)即可。
3. 相关参考
https://cloud.tencent.com/document/product/400/35244