Nginx HTTPS Configuration Tutorial: Securing Website Data in Transit
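In today's internet era, network security problems are increasingly prominent, and securing the data a website transmits has become critical. Using the HTTPS protocol is now the standard way to achieve this. This article explains how to configure HTTPS in Nginx so that website data is protected in transit.
Generating an SSL certificate
First, we need an SSL certificate to encrypt the data in transit. You can purchase a commercial SSL certificate or generate a self-signed one yourself. The steps below use a self-signed certificate as the example.
Generate the self-signed certificate with the OpenSSL command-line tool: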
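# Generate a 2048-bit RSA private key
$ openssl genrsa -out server.key 2048
# Create a certificate signing request (CSR) from that key
$ openssl req -new -key server.key -out server.csr
# Sign the CSR with the same key to produce a certificate valid for 365 days
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt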
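The generated server.key is the private key file, and server.crt is the public key (certificate) file.
Configuring Nginx
After Nginx is installed, its configuration file is usually located at /etc/nginx/nginx.conf.
First, open the configuration file and add the following to the http block: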
http {
    server {
        listen 80;
        server_name your.domain.com;
        # Permanently redirect every plain-HTTP request to the HTTPS URL
        return 301 https://$host$request_uri;
    }
}
The configuration above redirects HTTP requests to HTTPS.
Next, add the following to the http block:
http {
    server {
        listen 443 ssl;
        server_name your.domain.com;
        # Certificate and private key generated in the previous step
        ssl_certificate /path/to/server.crt;
        ssl_certificate_key /path/to/server.key;
        location / {
            root /path/to/your/website;
            index index.html;
        }
    }
}
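Replace /path/to/server.crt and /path/to/server.key with the paths of the certificate files you generated. Replace /path/to/your/website with your website's root directory.
Restarting Nginx
After completing the configuration above, save and close the configuration file. Restart the Nginx service with the following command: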
$ sudo systemctl restart nginx
Change the website's URL to https://your.domain.com, and you can now reach your site over HTTPS.
Summary
With the simple steps above, we have configured HTTPS support in Nginx and secured the website's data in transit. To protect the site further, you can also configure stricter SSL protocols and cipher suites. In addition, consider enabling HSTS (HTTP Strict Transport Security) to guard against man-in-the-middle attacks.
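The stricter protocol and cipher settings and the HSTS header mentioned above, applied to the article's HTTPS server block. This is an added example, not configuration from the original article; the protocol list, cipher list, session settings and max-age value are assumed choices to adapt to your clients.

```nginx
# Added example: hardened variant of the article's HTTPS server block.
# Goes inside the existing http { } block. Assumed values are marked.
server {
    listen 443 ssl;
    server_name your.domain.com;

    ssl_certificate     /path/to/server.crt;
    ssl_certificate_key /path/to/server.key;

    # Assumed policy: accept only TLS 1.2 and TLS 1.3.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1 or later.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Assumed cipher list for TLS 1.2: ECDHE key exchange (forward secrecy)
    # with AEAD ciphers only. TLS 1.3 suites are not controlled by this line.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    # Every suite above is strong, so the client may pick its fastest one.
    ssl_prefer_server_ciphers off;

    # Assumed session settings: shared cache across workers, tickets off.
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # HSTS: browsers that have seen this header use HTTPS only for this host
    # for max-age seconds (assumed: one year). "always" also covers error
    # responses. A location that declares its own add_header does not
    # inherit this one and must repeat it.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        root  /path/to/your/website;
        index index.html;
    }
}
```

Check the file with `nginx -t` before restarting the service. Browsers ignore the HSTS header on a connection that has certificate errors, so it only takes effect once the self-signed certificate is replaced by one the client trusts.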
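I hope this article has been of some help as you configure HTTPS support in Nginx. With a sensible configuration we can further strengthen a website's security and protect users' private data. Encrypted transport effectively protects the integrity and confidentiality of data and gives users a safer browsing environment.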