域名使用Https
...大约 2 分钟
域名使用Https
我是阿里云购买的域名,服务器在腾讯云
阿里云购买免费SSL证书
阿里云免费证书3个月,一年能免费购买20个。
站点是Nginx搭建,下载Nginx服务器类型的证书
部署到Nginx服务器上
把下载的文件解压,里面有后缀为 .pem 和 .key 的文件,改名称为 sslconfigure.pem 和 sslconfigure.key,上传到服务器 /usr/local/nginx/cert 文件夹下。
将ssl_certificate和ssl_certificate_key的值分别改成证书文件和私钥文件的完整路径
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
root /usr/local/nginx/html/dist;
index index.html;
location /life-doc/ {
proxy_pass http://localhost:80/;
proxy_buffer_size 1024k;
proxy_buffers 16 1024k;
proxy_busy_buffers_size 2048k;
proxy_temp_file_write_size 2048k;
}
location /waline/ {
proxy_pass http://150.158.58.15:8361/; # Waline 服务器的 URL
proxy_buffer_size 1024k;
proxy_buffers 16 1024k;
proxy_busy_buffers_size 2048k;
proxy_temp_file_write_size 2048k;
}
# 这里是新增的 gzip 配置
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_comp_level 6;
gzip_types application/atom+xml application/geo+json application/javascript application/x-javascript application/json application/ld+json application/manifest+json application/rdf+xml application/rss+xml application/xhtml+xml application/xml font/eot font/otf font/ttf image/svg+xml text/css text/javascript text/plain text/xml image/jpeg image/gif image/png;
gzip_vary off;
gzip_disable "MSIE [1-6]\.";
}
# 添加https server
server {
# 监听443端口,开始 ssl
listen 443 ssl;
# 域名
server_name wenlei.wang;
# 证书路径
ssl_certificate /usr/local/nginx/cert/sslconfigure.pem; # 这个目录需要替换成你自己证书的存放目录
ssl_certificate_key /usr/local/nginx/cert/sslconfigure.key; # 这个目录需要替换成你自己证书的存放目录
#SSL-END SSL相关配置
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # 由于 TLS v1存在不安全的算法,如果需要较高安全需要把 TLS v1删除
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:80/;
proxy_buffer_size 1024k;
proxy_buffers 16 1024k;
proxy_busy_buffers_size 2048k;
proxy_temp_file_write_size 2048k;
}
location /life-doc/ {
proxy_pass http://localhost:80/;
proxy_buffer_size 1024k;
proxy_buffers 16 1024k;
proxy_busy_buffers_size 2048k;
proxy_temp_file_write_size 2048k;
}
location /waline/ {
proxy_pass http://150.158.58.15:8361/; # Waline 服务器的 URL
proxy_buffer_size 1024k;
proxy_buffers 16 1024k;
proxy_busy_buffers_size 2048k;
proxy_temp_file_write_size 2048k;
}
# 这里是新增的 gzip 配置
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_comp_level 6;
gzip_types application/atom+xml application/geo+json application/javascript application/x-javascript application/json application/ld+json application/manifest+json application/rdf+xml application/rss+xml application/xhtml+xml application/xml font/eot font/otf font/ttf image/svg+xml text/css text/javascript text/plain text/xml image/jpeg image/gif image/png;
gzip_vary off;
gzip_disable "MSIE [1-6]\.";
}
}
nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in /usr/local/nginx/conf/nginx.conf:67
这个错误表明Nginx在尝试使用SSL(安全套层)配置时发现系统中没有启用ngx_http_ssl_module模块。ngx_http_ssl_module是Nginx的一个标准模块,它允许Nginx通过SSL/TLS协议提供安全的HTTPS服务。
问题解决方法:
- 确认Nginx是否已经编译并安装了SSL模块。可以通过运行
nginx -V来检查是否包含了--with-http_ssl_module标志。 - 如果没有编译安装,你需要重新编译Nginx,并在编译时添加
--with-http_ssl_module标志。这可以通过下载Nginx源代码,然后使用以下命令进行编译和安装:
开放HTTPS访问及验证
开放防火墙