Nginx 配置证书启用HTTPS
现在站点没有配置 HTTPS 证书,浏览器都无法正常打开站点。为了确保安全并解决这个问题,我们需要为 Web 服务器配置 SSL 证书。通过使用有效的 SSL 证书,我们可以启用 HTTPS,使浏览器能够安全地连接到站点,同时提供加密保护以保障用户数据的安全。
安装
apt install nginx nginx-extras
生成自签名证书
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
Nginx配置
/etc/nginx/sites-available/default
server {
listen 80;
server_name your_domain.com;
return 301 https://$host$request_uri; # Redirect HTTP to HTTPS
}
server {
listen 443 ssl;
server_name your_domain.com;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256";
location / {
root /var/www/html;
index index.html index.htm;
}
}
sudo systemctl reload nginx
申请免费证书
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d your_domain.com -d www.your_domain.com
使用crontab定期自动申请证书:
0 0 * * * /usr/bin/certbot renew --quiet