https 服务器配置指南

Nginx

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
server {
listen 443;
server_name demo.com;
# 开启 ssl 支持
ssl on;
# 指定证书文件
ssl_certificate /usr/local/nginx/conf/server.crt;
# 指定私钥文件
ssl_certificate_key /usr/local/nginx/conf/server.key;
}
# 80 端口重定向
server {
listen 80;
server_name demo.com;
rewrite ^(.*) https://$server_name$request_uri? permanent;
}

有时候我们可能既需要 http 能访问,https 也能访问,那么我们可以这么配置 conf 文件:

1
2
3
4
5
6
7
8
server {
listen 80;
listen 443 ssl;
server_name demo.com;
ssl_certificate /usr/local/nginx/conf/server.crt;
ssl_certificate_key /usr/local/nginx/conf/server.key;
}

Apache

  1. 修改 httpd-ssl.conf 文件,在文件中配置证书和密钥
1
2
SSLCertificateFile /apache/conf/server.crt
SSLCertificateKeyFile /apache/conf/server.key
  1. 虚拟机设置
1
2
3
4
5
6
7
8
9
10
11
12
NameVirtualHost *:443
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /apache/conf/server.crt
SSLCertificateKeyFile /apache/conf/server.key
<Directory /var/www/html/virtual-web>
AllowOverride All
</Directory>
ServerAdmin email@example.com
DocumentRoot /var/www/html/virtual-web
ServerName demo.com
</VirtualHost>
  1. 修改 httpd.conf 文件
1
2
3
4
5
6
7
8
9
10
11
# 打开ssl模块
LoadModule ssl_module /opt/taobao/install/httpd/modules/mod_ssl.so
# 引入步骤1中修改的 ssl 配置文件
Include /apache/conf/httpd-ssl.conf
# 80 端口重定向
<VirtualHost *:80>
ServerName demo.com
Redirect permanent / https://demo.com/
</VirtualHost>

参考资料: