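Serving a site over HTTPS improves security and can also improve SEO ranking. Previously there was no free certificate service, but I recently found that Alibaba Cloud (Aliyun) offers a free Symantec-branded single-domain certificate (each subdomain needs its own separately purchased free certificate). Purchase page: https://common-buy.aliyun.com/?commodityCode=cas#/buy
Since a certificate can only be purchased for one year at a time, it has to be purchased and installed again a year later.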

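After the purchase, the request goes through an approval process that takes some time. Once it is approved, view and download the certificate zip package from the SSL certificate console. Mine, for example, was 3021562_rongmayisheng.com_nginx.zip; unpacking it yields two files: 3021562_rongmayisheng.com.key and 3021562_rongmayisheng.com.pem.
Next, copy these two certificate files to the conf/cert directory of nginx on the corresponding ECS instance (on my machine the directory is /usr/local/nginx/conf/cert), then follow Alibaba Cloud's official documentation to configure nginx.conf (on my machine the file is /usr/local/nginx/conf/nginx.conf).
Along the way I ran into two problems, which I solved with the help of these two articles:
- Configuring an SSL certificate in Nginx: the "nginx:[emerg]unknown directive ssl" error
- nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in /usr/local/nginx/conf/nginx.conf
The last step is to add an inbound security group rule for HTTPS port 443 on the ECS instance. Path: open the ECS "Instances" list -> "More" next to the instance -> "Network and Security Group" -> "Security Group Settings" -> "Security Group List" tab -> find the security group in which HTTP port 80 was configured earlier and click "Configure Rules" next to it -> "Add Security Group Rule" button. Configure it as follows: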

At this point your own domain should be reachable at a URL starting with https://.
Here is my complete configuration:
```nginx
worker_processes  1;

error_log  logs/error.log;
error_log  logs/error.log  notice;
error_log  logs/error.log  info;

pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    client_max_body_size 2m;

    access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    gzip  on;

    # Port 80: every plain-HTTP request is redirected to HTTPS by the rewrite
    server {
        listen       80;
        server_name  localhost;
        rewrite ^(.*)$ https://$host$1 permanent;

        access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.php index.html index.htm;
        }

        error_page  404              /404.html;

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        location ~* \.php$ {
            fastcgi_index   index.php;
            fastcgi_pass    127.0.0.1:9000;
            include         fastcgi_params;
            fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
            fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
        }
    }

    # Port 443: the HTTPS site
    server {
        listen 443 ssl;
        server_name rongmayisheng.com;

        # Relative paths are resolved against the nginx conf directory
        ssl_certificate      cert/3021562_rongmayisheng.com.pem;
        ssl_certificate_key  cert/3021562_rongmayisheng.com.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

        location / {
            root   html;
            index  index.php index.html index.htm;
        }

        location ~* \.php$ {
            fastcgi_index   index.php;
            fastcgi_pass    127.0.0.1:9000;
            include         fastcgi_params;
            fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
            fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
        }
    }
}
```
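A tightened variant of the two server blocks above, as an added example rather than the author's own configuration: it keeps the same certificate paths and PHP handling, but limits TLS to 1.2/1.3 with forward-secret AEAD cipher suites, redirects to a fixed host name and adds HSTS. It assumes nginx 1.13.0 or later built against OpenSSL 1.1.1 or later (required for TLSv1.3); the HSTS max-age and the session cache size are illustrative values.

```nginx
# Goes inside the http { } block, replacing both server blocks.

server {
    listen       80;
    server_name  rongmayisheng.com;
    # Redirect to the fixed canonical name instead of echoing the
    # client-supplied Host header ($host) back into the Location header.
    return 301 https://rongmayisheng.com$request_uri;
}

server {
    listen 443 ssl;
    server_name rongmayisheng.com;

    ssl_certificate      cert/3021562_rongmayisheng.com.pem;
    # Private key: readable only by the user that starts nginx.
    ssl_certificate_key  cert/3021562_rongmayisheng.com.key;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996); allow 1.2 and 1.3 only.
    ssl_protocols TLSv1.2 TLSv1.3;
    # TLS 1.2 suites: ECDHE key exchange (forward secrecy) with AEAD only.
    # The broad ECDH/AES/HIGH groups are dropped in favour of an explicit list.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    ssl_session_timeout 5m;
    ssl_session_cache   shared:SSL:10m;   # assumed size, shared across workers

    # HSTS: a browser that has seen this header goes straight to HTTPS
    # for the next max-age seconds (assumed value: one year).
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        root   html;
        index  index.php index.html index.htm;
    }

    location ~* \.php$ {
        fastcgi_index   index.php;
        fastcgi_pass    127.0.0.1:9000;
        include         fastcgi_params;
        fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
        fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
    }
}
```

Validate the file with `nginx -t` before reloading.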