nginx 发布/更换 https 证书


域名: www.greytracks.com greytracks.com

第一步: 在腾讯云下载证书文件 zip ,并上传到 nginx 服务器中


第二步:解压后 看看目录结构


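每个文件的作用与意义:下面的 nginx 配置只用到其中两个文件——greytracks.com_bundle.crt(证书及证书链,可以公开)和 greytracks.com.key(私钥,必须保密,不要外传或提交到代码仓库)。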


第三步: nginx 配置文件修改


一般配置一次就够,其他只需 续期证书即可

cat wordpress.conf

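# Plain-HTTP entry point: it serves no content and only redirects to HTTPS.
server {
    listen 80;
    # NOTE(review): the original listed "greyracks.com", which looks like a typo
    # for the site's domain; both site names are listed here so that plain-HTTP
    # requests for either one are matched by this block explicitly.
    server_name 119.45.13.164 greytracks.com www.greytracks.com;

    # root/index were dropped: "return" answers every request before any file
    # lookup happens, so they were never used in this block.

    # Keep the requested path and query string; without $request_uri every
    # plain-HTTP link would land on the home page.
    return 301 https://www.greytracks.com$request_uri;
}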

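# HTTPS virtual host for the WordPress site.
server {
    listen 443 ssl;
    server_name www.greytracks.com greytracks.com;
    root /var/www/wordpress;
    index index.php index.html index.htm;

    # Certificate file (relative or absolute path).
    #ssl_certificate cloud.tencent.com_bundle.crt;
    ssl_certificate /certificate/greytracks/greytracks.com_bundle.crt;
    # Private key file (relative or absolute path). Keep it readable only by
    # the account that starts nginx.
    #ssl_certificate_key cloud.tencent.com.key;
    ssl_certificate_key /certificate/greytracks/greytracks.com.key;
    ssl_session_timeout 5m;
    # Accept only TLS 1.2 and TLS 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Cipher list in OpenSSL syntax; it applies to TLS 1.2 connections.
    # NOTE(review): "HIGH" also admits suites without forward secrecy (plain RSA
    # key exchange) and CBC-mode suites; tighten to ECDHE + AEAD suites if all
    # clients allow it.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    #add_header Content-Security-Policy "upgrade-insecure-requests";
    # NOTE(review): no Strict-Transport-Security header is set; consider adding
    # one once HTTPS is confirmed to work for every name served here.

    # Raise the upload size limit.
    client_max_body_size 64M;

    # NOTE(review): nginx inherits fastcgi_param from an outer level only when
    # the inner level defines none. The "\.php$" location below sets
    # SCRIPT_FILENAME and includes fastcgi_params, so these two lines are
    # presumably not applied to PHP requests; confirm, and move them into that
    # location if WordPress depends on them.
    fastcgi_param HTTPS on;
    fastcgi_param HTTP_X_FORWARDED_PROTO https;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        # Hand a request to PHP-FPM only when the script exists under the
        # document root; any other URI ending in ".php" is answered with 404
        # instead of being interpreted by PHP.
        try_files $uri =404;

        fastcgi_pass  127.0.0.1:9000;
        # fastcgi_pass unix:/run/php/php7.4-fpm.sock;     # Ubuntu
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;

        # Added temporarily, currently disabled.
        #fastcgi_param HTTPS on;
        #fastcgi_param HTTP_X_FORWARDED_PROTO https;

        #sub_filter_once off;
        #sub_filter 'http://greytracks' 'https://greytracks.com';
        #sub_filter 'http://119.45.13.164' 'https://greytracks.com';
        #sub_filter 'http:' 'https:';

        # Rewrite every domain/IP variant (disabled).
        #sub_filter_types text/html text/css text/javascript application/javascript application/json;
        #sub_filter 'src="http://' 'src="https://';
        #sub_filter 'href="http://' 'href="https://';
    }

    # Never serve .htaccess / .htpasswd style files.
    location ~ /\.ht {
        deny all;
    }

    # Keep favicon requests out of the logs.
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    # robots.txt is open to everyone and not logged.
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

}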


第四步 更换证书

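# Switch to the directory nginx loads the certificate from.
cd /certificate/greytracks/

# Copy the new certificate files into the current directory.
cp ~/greytracks.com_nginx/*  ./

# The private key must not be readable by other local users.
chmod 600 greytracks.com.key

# Check the configuration first and reload only if the check passes, so a bad
# certificate or a typo does not break the running site.
nginx -t && nginx -s reload

# The unpacked copy under ~/greytracks.com_nginx (and the uploaded zip) still
# holds the private key; remove it once the new certificate is verified.

# Done. Test in a browser, preferably in a private/incognito window.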


第五步 验证完事!

用无痕窗口,或清除浏览器缓存后测试,并在浏览器的证书详情里确认有效期已经是新证书的日期!
