开始我尝试用 let's encrypt 让http 变 https
官方:https://github.com/certbot/certbot
参考:https://www.cnblogs.com/cool-fire/p/8205911.html
这个因本人太笨,没配置成功,转用腾讯大大平台的免费ssl,见以下:
阿里云服务器,腾讯云ssl配置步骤及遇到的问题:
1.阿里云服务器SSL开443端口
登录 =》云服务器ECS=》相应的服务器点 管理 =》左侧点 本实例安全组 =》安全组列表 点右侧的 配置规则 =》 在公网入 点添加安全组规则,完成如下:
2.在腾讯云注册个免费证书(搜索证书直达)
3.Nginx配置SSL报错 nginx: [emerg] unknown directive "ssl"
要重新安装nginx 并配置
https://blog.csdn.net/weiyangdong/article/details/80008543
http://www.cnblogs.com/saneri/p/5391821.html
4.nginx在reload时候报错invalid PID number
https://www.cnblogs.com/tielemao/p/6163419.html
5.重启nginx 我后来重启服务器后成功
截图记录一下
6.nginx 配置端口以https访问
server { listen 80; server_name www.yourdomain.com yourdomain.com; root /alidata/www/apiShop2; set $node_port 8360; index index.js index.html index.htm; if ( -f $request_filename/index.html ){ rewrite (.*) $1/index.html break; } if ( !-f $request_filename ){ rewrite (.*) /index.js; } location = /index.js { proxy_http_version 1.1; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass http://127.0.0.1:$node_port$request_uri; proxy_redirect off; } location ~ /static/ { etag on; expires max; } } server { listen 443; server_name www.yourdomain.com yourdomain.com; #填写绑定证书的域名 ssl on; ssl_certificate 1_www.yourdomain.com_bundle.crt; ssl_certificate_key 2_www.yourdomain.com.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置 ssl_prefer_server_ciphers on; location / { root /alidata/www/apiShop2; #站点目录 set $node_port 8360; index index.html index.htm; if ( -f $request_filename/index.html ){ rewrite (.*) $1/index.html break; } if ( !-f $request_filename ){ rewrite (.*) /index.js; } location = /index.js { proxy_http_version 1.1; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass http://127.0.0.1:$node_port$request_uri; proxy_redirect off; } location ~ /static/ { etag on; expires max; } } }
以上nginx 达到http 和 https 和 ip:8360 三个同时访问
当然可在nginx 加行配置把http 自动跳转到 https 大都这样做的