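To upgrade a website to HTTPS, you first need to apply for or purchase an SSL certificate.
You can generate a certificate yourself on the server, but such a certificate has fairly serious compatibility and security problems. A better certificate can be obtained from a dedicated certificate authority. For example, you can apply for one through Alibaba Cloud, but that certificate comes with restrictions: it is free for only one year.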
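server {
    # "listen 443 ssl;" replaces the old "ssl on;" directive, which is obsolete since nginx 1.15.0
    listen 443 ssl;
    server_name www.vstary.com;
    root html;
    index index.html index.htm;
    # certificate file and its private key
    ssl_certificate /home/test/cert/test.pem;
    ssl_certificate_key /home/test/cert/test.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients need them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    location / {
        root html;
        index index.html index.htm;
    }
}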
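Restart the server.
Test your domain, https://www.vstary.com, to see whether it can be accessed.
If the certificate is correct but the site still cannot be reached, check whether the firewall has the port open; it seems SSL can only listen on port 443.
For how to allow a port, see: https://www.vstary.com/article/198
Modify the server configuration so that HTTP requests are redirected to HTTPS: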
server {
    listen 80;
    server_name www.vstary.com;
    # permanent (301) redirect of every HTTP request to the same path over HTTPS
    rewrite ^(.*)$ https://$host$1 permanent;
}
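Allow access over both HTTP and HTTPS:
server {
    listen 80;
    # TLS is enabled on this listener only; "ssl on;" would turn it on for
    # port 80 as well and break plain HTTP, so it is not used here
    listen 443 ssl;
    server_name www.vstary.com;
    root html;
    index index.html index.htm;
    ssl_certificate /home/test/cert/test.pem;
    ssl_certificate_key /home/test/cert/test.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients need them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    location / {
        root html;
        index index.html index.htm;
    }
}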
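The following is an added example, not part of the original post: a small Python check that reads a combined HTTP/HTTPS server block and flags the mistakes that are easy to make in this kind of configuration (an unterminated directive, the obsolete `ssl on;`, deprecated protocol versions, and TLS being forced onto the plain-HTTP port). The sample block is constructed, and the names `audit`, `SAMPLE` and `DEPRECATED` belong to this example only; it assumes one directive per line.

```python
# Constructed sample: a combined HTTP/HTTPS block in the legacy style,
# using this page's server name and certificate paths.
SAMPLE = """\
server {
    listen 80
    listen 443 ssl;
    server_name www.vstary.com;
    ssl on;
    ssl_certificate /home/test/cert/test.pem;
    ssl_certificate_key /home/test/cert/test.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
"""

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1 retired by RFC 8996


def audit(conf):
    """Return findings for one server block (assumes one directive per line)."""
    findings, listens, ssl_on = [], [], False
    for n, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        words = line.rstrip(";{ ").split()
        if not words or line == "}":
            continue
        if line[-1] not in ";{":
            findings.append(f"line {n}: no ';' after '{line}'")
        name, args = words[0], words[1:]
        if name == "listen":
            listens.append(args)
        elif name == "ssl" and args == ["on"]:
            ssl_on = True
            findings.append(f"line {n}: 'ssl on;' is obsolete, use 'listen ... ssl;'")
        elif name == "ssl_protocols":
            old = [p for p in args if p in DEPRECATED]
            if old:
                findings.append(f"line {n}: deprecated protocols: {' '.join(old)}")
    plain = [" ".join(a) for a in listens if "ssl" not in a]
    if ssl_on and plain:
        # 'ssl on;' turns on TLS for every listener in the block, so a
        # plain-HTTP port would reject ordinary http:// requests.
        findings.append("'ssl on;' forces TLS on listener(s): " + ", ".join(plain))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Running `nginx -t` after any change remains the authoritative syntax check; this script only covers the four patterns listed above.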