ÔõÑùʵÏÖNginxµÄÇëÇóÖض¨Ïòµ½HTTPSÉèÖÃ
ÔõÑùʵÏÖNginxµÄÇëÇóÖض¨Ïòµ½HTTPSÉèÖÃ
ÔÚ»¥ÁªÍøÇéÐÎÖУ¬°ü¹ÜÍøÕ¾µÄÇå¾²ÐÔÊÇÖÁ¹ØÖ÷ÒªµÄ¡£Ê¹ÓÃHTTPSÐÒé¿ÉÒÔ¼ÓÃÜÊý¾Ý´«Ê䣬±ÜÃâÖÐÑëÈ˹¥»÷ºÍÊý¾Ýй¶¡£Nginx×÷Ϊһ¿îÖ÷ÒªµÄWebЧÀÍÆ÷ºÍ·´ÏòÊðÀíЧÀÍÆ÷£¬ÌṩÁËÇ¿Ê¢µÄ¹¦Ð§À´ÊµÏÖÍøÕ¾µÄHTTPSÖض¨Ïò¡£½ÓÏÂÀ´£¬ÎÒÃǽ«·ÖÏíÔõÑùÔÚNginxÖÐÉèÖã¬ÊµÏÖÇëÇóÖض¨Ïòµ½HTTPSµÄ°ì·¨ºÍÏêϸ´úÂëʾÀý¡£
°ì·¨Ò»£º×°ÖÃSSLÖ¤Êé
Ê×ÏÈ£¬ÎÒÃÇÐèÒªÔÚЧÀÍÆ÷ÉÏ×°ÖÃSSLÖ¤Êé¡£Äã¿ÉÒÔ´ÓȨÍþµÄSSLÖ¤Êé½ÒÏþ»ú¹¹£¨CA£©¹ºÖÃSSLÖ¤Ê飬»òÕßÑ¡ÔñÃâ·ÑµÄSSLÖ¤Ê飬ºÃ±ÈLet¡¯s Encrypt¡£×°ÖÃSSLÖ¤Êéºó£¬È·±£ÔÚNginxµÄÉèÖÃÖÐ׼ȷָ¶¨Ö¤ÊéºÍ˽ԿµÄ·¾¶¡£
°ì·¨¶þ£ºNginxÉèÖÃ
ÔÚNginxµÄÉèÖÃÎļþÖУ¬ÕÒµ½ÄãµÄÍøÕ¾ÉèÖã¨Í¨³£ÔÚ/etc/nginx/sites-available/Ŀ¼Ï£©£¬ÐÞ¸ÄÉèÖÃÒÔʵÏÖÇëÇóÖض¨Ïòµ½HTTPS¡£
server { listen 80; server_name your_domain.com; location / { return 301 https://$server_name$request_uri; } } server { listen 443 ssl; server_name your_domain.com; ssl_certificate /path/to/your_ssl_certificate.crt; ssl_certificate_key /path/to/your_ssl_certificate_key.key; # ÆäËûSSLÉèÖà # ... location / { # ÆäËûÉèÖà # ... } }
µÇ¼ºó¸´ÖÆ
ÔÚÉÏÃæµÄÉèÖÃÖУ¬ÎÒÃǽç˵ÁËÁ½¸öserver¿é¡£µÚÒ»¸öserver¿é¼àÌý80¶Ë¿Ú£¬ÉèÖÃÁËÇëÇóÖض¨Ïòµ½HTTPSµÄ¹æÔò£»µÚ¶þ¸öserver¿é¼àÌý443¶Ë¿Ú£¬ÉèÖÃÁËHTTPSµÄÖ¤ÊéºÍÆäËûSSLÑ¡Ïî¡£µ±ÓзÿÍͨ¹ýHTTP»á¼ûÍøվʱ£¬Nginx»á·µ»ØÒ»¸ö301Öض¨Ïòµ½ÏàͬµÄURL£¬µ«ÐÒéÊÇHTTPS¡£
°ì·¨Èý£ºÖØÆôNginxЧÀÍ
Íê³ÉÉèÖú󣬼ǵÃÖØÆôNginxЧÀÍ£¬Ê¹ÉèÖÃÉúЧ¡£
sudo systemctl restart nginx
µÇ¼ºó¸´ÖÆ
×ܽá
ͨ¹ýÒÔÉÏ°ì·¨£¬ÎÒÃÇʵÏÖÁËNginxµÄÇëÇóÖض¨Ïòµ½HTTPSÉèÖá£ÔÚÏÖʵ²Ù×÷ÖУ¬¿ÉÒÔƾ֤ÏêϸµÄÐèÇóºÍÇéÐÎ×öһЩÊʵ±µÄµ÷½â£¬ºÃ±ÈÌí¼ÓHSTS£¨HTTP Strict Transport Security£©Í·²¿£¬ÒÔÌá¸ßÇå¾²ÐÔ¡£Ï£Íû±¾ÎÄËùÊö¶ÔÄãÓÐËù×ÊÖú£¬ÈÃÄãµÄÍøÕ¾ÓµÓиüÇå¾²µÄ»á¼ûÇéÐΡ£
ÒÔÉϾÍÊÇÔõÑùʵÏÖNginxµÄÇëÇóÖض¨Ïòµ½HTTPSÉèÖõÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡