1、将下载好的证书文件ssl.zip 上传至服务器。
2、解压包
- 可以看到关于各种web应用的key,本次示例为nginx,找到nginx的配置文件
- 备份原来的配置文件,防止失败后回退
- 修改配置文件
- 重启服务
##nginx配置文件内容
[root@VM_0_4_centos conf.d]# cat default.conf
server {
listen 443;
server_name www.dinganan.cn;
ssl on;
ssl_certificate /etc/ssl/1_www.dinganan.cn_bundle.crt;
ssl_certificate_key /etc/ssl/2_www.dinganan.cn.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
root /usr/share/nginx/html;
index index.php index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
root /usr/share/nginx/html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
server{
listen 80;
server_name www.dinganan.cn;
rewrite ^/(.*)$ https://www.dinganan.cn:443/$1 permanent;
} - 访问页面
