HTTPS 服务器配置指南

2016/03/07 httpsserver

# Nginx

# HTTPS virtual host for demo.com and www.demo.com.
server {
    listen 443 ssl;
    server_name demo.com www.demo.com;

    # Certificate file sent to clients. The name fullchain.pem suggests it
    # holds the server certificate plus intermediates -- confirm.
    ssl_certificate /etc/letsencrypt/live/demo.com/fullchain.pem;
    # Private key for that certificate. Keep it readable only by the account
    # that starts nginx, and keep it out of backups and version control.
    ssl_certificate_key /etc/letsencrypt/live/demo.com/privkey.pem;
    # Shared TLS settings pulled in from a separate file. Its contents are not
    # shown here, so review which protocol versions and ciphers it enables.
    include /etc/letsencrypt/options-ssl-nginx.conf;
    # Diffie-Hellman parameters used for DHE key exchange.
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

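# Port 80: send every plain-HTTP request to HTTPS with a permanent redirect.
server {
    listen 80;
    server_name demo.com www.demo.com;
    # `return` issues the 301 directly instead of running a regex rewrite on
    # every request. $request_uri already carries the query string, so
    # nothing is appended twice.
    # $server_name is the first name listed above (demo.com), so the Location
    # header is built from configuration rather than from the client-supplied
    # Host header; requests for www.demo.com therefore land on demo.com.
    return 301 https://$server_name$request_uri;
}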

有时候我们可能既需要 http 能访问,https 也能访问,那么我们可以这么配置 conf 文件:

# One server block answering on both port 80 (plain HTTP) and port 443 (TLS).
# NOTE(review): requests that arrive on port 80 are unencrypted and can be
# read or modified in transit. Keep logins and session cookies on HTTPS only
# (mark cookies Secure). Do not add an HSTS header to this block: browsers
# that receive it over HTTPS would stop using port 80, which defeats the
# purpose of this layout.
server {
    listen 80;
    listen 443 ssl;
    server_name  demo.com www.demo.com;

    # Certificate file sent to clients on the TLS listener.
    ssl_certificate /etc/letsencrypt/live/demo.com/fullchain.pem;
    # Private key for that certificate. Restrict read access to the account
    # that starts nginx.
    ssl_certificate_key /etc/letsencrypt/live/demo.com/privkey.pem;
    # Shared TLS settings from a separate file (contents not shown here).
    include /etc/letsencrypt/options-ssl-nginx.conf;
    # Diffie-Hellman parameters used for DHE key exchange.
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

# Apache

  1. 修改 httpd-ssl.conf 文件,在文件中配置证书和密钥
# Server certificate presented to clients.
SSLCertificateFile /apache/conf/server.crt
# Private key matching the certificate. Restrict read access to the account
# that starts httpd.
# NOTE(review): this page does not show the rest of httpd-ssl.conf. Check
# that its SSLProtocol and SSLCipherSuite settings exclude legacy protocol
# versions and weak ciphers.
SSLCertificateKeyFile /apache/conf/server.key
  2. 虚拟主机设置
# Enables name-based virtual hosts on *:443 for Apache 2.2. Apache 2.4
# ignores this directive and logs a deprecation warning.
NameVirtualHost *:443
# HTTPS virtual host for demo.com.
<VirtualHost *:443>
    SSLEngine on
    # Same certificate and key paths as set in httpd-ssl.conf.
    SSLCertificateFile /apache/conf/server.crt
    SSLCertificateKeyFile /apache/conf/server.key
    <Directory /var/www/html/virtual-web>
        # Lets .htaccess files under this directory override every directive
        # permitted there. NOTE(review): if the application can write files
        # into this tree, narrow this to the specific override classes it
        # actually needs.
        AllowOverride All
    </Directory>
    ServerAdmin email@example.com
    DocumentRoot /var/www/html/virtual-web
    ServerName demo.com
</VirtualHost>
  3. 修改 httpd.conf 文件
# Load the SSL module. This must stay above the Include below, because the
# SSL* directives in that file are provided by mod_ssl.
LoadModule ssl_module /opt/taobao/install/httpd/modules/mod_ssl.so

# Include the SSL configuration file edited in step 1.
Include /apache/conf/httpd-ssl.conf

# Port 80: permanent redirect to HTTPS.
<VirtualHost *:80>
    ServerName demo.com
    # The target host is fixed in configuration. The path after "/" is
    # appended to https://demo.com/.
    Redirect permanent / https://demo.com/
</VirtualHost>

# 参考资料

上次更新: 2024/10/31 08:48:42