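Setting Up SSL on CentOS 7 with a Free Let's Encrypt Certificate, Part 3 (Enabling SSL in Nginx)
Preparation
Install nginx:
Step 1: Add the Nginx repository
To add the CentOS 7 EPEL repository, open a terminal and run the following command: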

    yum install epel-release

Step 2: Install Nginx
Now that the Nginx repository is installed on your server, install Nginx with the following yum command:

    yum install nginx

After you answer yes to the prompt, Nginx finishes installing on the server.
Starting and stopping nginx:

    systemctl start nginx
    systemctl stop nginx

To have Nginx start at boot, run the following command:

    systemctl enable nginx

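Configuring the SSL service
Step 1 (this step can be skipped):
Go to /usr/local/nginx/html
Copy a crossdomain.xml there to allow cross-domain access. The policy below allows access from any domain with any request headers; where possible, limit domain to the sites that actually need it. Note that the location /crossdomain.xml block in the configuration below reads the file from /usr/share/nginx/html/crossdomain.xml, so the file must exist at that path.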

    <?xml version="1.0"?>
    <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
    <cross-domain-policy>
        <site-control permitted-cross-domain-policies="all"/>
        <allow-access-from domain="*"/>
        <allow-http-request-headers-from domain="*" headers="*"/>
    </cross-domain-policy>

Step 2: Configure SSL

    server {
        listen 443 ssl http2 default_server;
        listen [::]:443 ssl http2 default_server;
        server_name _;

        # Note: TLSv1 and TLSv1.1 are deprecated by RFC 8996.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
        ssl_session_cache builtin:1000 shared:SSL:10m;
        # Certificate chain and private key issued by Let's Encrypt.
        ssl_certificate "/etc/letsencrypt/live/code2048.net/fullchain.pem";
        ssl_certificate_key "/etc/letsencrypt/live/code2048.net/privkey.pem";
        ssl_session_timeout 10m;
        ssl_prefer_server_ciphers on;
        ssl_stapling on;
        ssl_stapling_verify on;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location /crossdomain.xml {
            alias /usr/share/nginx/html/crossdomain.xml;
        }

        # Reverse proxy; the upstream tomcat_game must be defined in the http block.
        location / {
            proxy_pass http://tomcat_game;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass_request_headers on;
        }

        # The location now matches the error_page URI (it was /40x.html).
        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }

A reverse proxy is configured here; ignore it if you do not need one.
The key part is:

    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name _;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_certificate "/etc/letsencrypt/live/code2048.net/fullchain.pem";
    ssl_certificate_key "/etc/letsencrypt/live/code2048.net/privkey.pem";
    ssl_session_timeout 10m;
    ssl_prefer_server_ciphers on;
    ssl_stapling on;
    ssl_stapling_verify on;

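fullchain.pem and privkey.pem are the files of the free Let's Encrypt certificate that was requested (the certificate chain and its private key).
They can also be converted to crt and key files with a tool. Conversion tool: https://github.com/Neilpang/acme.sh#3-install-the-issued-cert-to-apachenginx-etc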
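A tightened version of the key TLS directives above, as an added example that is not part of the original post. The certificate paths are the post's; chain.pem (certbot-style layout), the resolver address and turning session tickets off are assumptions. Clients without TLS 1.2 support can no longer connect with these settings.

```nginx
# Added example, not the original post's configuration.
# Goes inside the same server { } block, replacing the TLS lines listed above.

listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name _;

ssl_certificate     /etc/letsencrypt/live/code2048.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/code2048.net/privkey.pem;

# Was: TLSv1 TLSv1.1 TLSv1.2. TLS 1.0 and 1.1 are deprecated (RFC 8996).
# Append TLSv1.3 when nginx is linked against OpenSSL 1.1.1 or later.
ssl_protocols TLSv1.2;

# Was: a list that also allowed RSA key exchange, CBC modes and 3DES.
# Only ECDHE key exchange (forward secrecy) with AEAD ciphers remains.
ssl_ciphers EECDH+AESGCM:EECDH+CHACHA20;
ssl_prefer_server_ciphers on;

# The shared cache alone is enough; the builtin per-worker cache is dropped.
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Assumption: session tickets are turned off rather than managing key rotation.
ssl_session_tickets off;

# OCSP stapling: nginx needs a resolver to reach the responder and, with
# ssl_stapling_verify, the issuer certificates to check the response against.
# nginx logs a warning and skips stapling if the certificate carries no
# OCSP responder URL.
ssl_stapling on;
ssl_stapling_verify on;
# Assumption: certbot-style directory that also contains chain.pem.
ssl_trusted_certificate /etc/letsencrypt/live/code2048.net/chain.pem;
# Assumption: a caching DNS resolver listens on localhost.
resolver 127.0.0.1 valid=300s;
```

Check the result with nginx -t before starting or reloading the service.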
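Starting the service
Once the configuration is complete, start the service (systemctl start nginx, as shown above).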
References:
http://www.laozuo.org/11696.html
Repost notice: unless otherwise stated, articles on this site are original. When reposting, please credit the source: 破晓 (http://www.code2048.net). Thank you!