软创互联

Ssl https

ssl
https

#1

参考:

另外可以在域名服务商申请免费ssl 证书,只是有时候需要等待较长时间。(原来是自己没有手动点击 “申请”,以为提交了就完事了 :joy:


#2

Nginx配置

server {
        # SSL configuration
        #
        # listen 443 ssl default_server;
        listen 443 ;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        #server_name _;
        server_name api.gugud.com www.api.gugud.com;
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ssl on;
        ssl_certificate     /home/ubuntu/cert/xxx_cs.gugud.com.pem;
        ssl_certificate_key /home/ubuntu/cert/xxx_cs.gugud.com.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }

        location /cert-sync/ {
                proxy_pass http://localhost:41000/;
        }
}

server {
    listen 80;
    server_name api.gugud.com www.api.gugud.com;

    return 301 https://$server_name$request_uri;
}

#3

Nginx配置多个HTTPS域名