# Nginx
server {
listen 443 ssl;
server_name demo.com www.demo.com;
# 指定证书文件
ssl_certificate /etc/letsencrypt/live/demo.com/fullchain.pem;
# 指定私钥文件
ssl_certificate_key /etc/letsencrypt/live/demo.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
# 80 端口重定向
server {
listen 80;
server_name demo.com www.demo.com;
rewrite ^(.*) https://$server_name$request_uri? permanent;
}
有时候我们可能既需要 http 能访问,https 也能访问,那么我们可以这么配置 conf 文件:
server {
listen 80;
listen 443 ssl;
server_name demo.com www.demo.com;
# 指定证书文件
ssl_certificate /etc/letsencrypt/live/demo.com/fullchain.pem;
# 指定私钥文件
ssl_certificate_key /etc/letsencrypt/live/demo.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
# Apache
- 修改 httpd-ssl.conf 文件,在文件中配置证书和密钥
SSLCertificateFile /apache/conf/server.crt
SSLCertificateKeyFile /apache/conf/server.key
- 虚拟机设置
NameVirtualHost *:443
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /apache/conf/server.crt
SSLCertificateKeyFile /apache/conf/server.key
<Directory /var/www/html/virtual-web>
AllowOverride All
</Directory>
ServerAdmin email@example.com
DocumentRoot /var/www/html/virtual-web
ServerName demo.com
</VirtualHost>
- 修改 httpd.conf 文件
# 打开ssl模块
LoadModule ssl_module /opt/taobao/install/httpd/modules/mod_ssl.so
# 引入步骤1中修改的 ssl 配置文件
Include /apache/conf/httpd-ssl.conf
# 80 端口重定向
<VirtualHost *:80>
ServerName demo.com
Redirect permanent / https://demo.com/
</VirtualHost>