1、443端口配置
server {
listen 443 ssl;
server_name www.test.com;
ssl_certificate /usr/local/nginx/cert/test.pem;
ssl_certificate_key /usr/local/nginx/cert/test1.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
……
}
2、80端口转443端口
server{
listen 80;
server_name www.test.com;
rewrite ^(.*)$ https://$host$1 permanent;
}
3、其他端口支持https配置
server {
listen 8101 ssl;
server_name 127.0.0.1;
# 默认首页
index index.html;
ssl_certificate /usr/local/nginx/cert/test.pem;
ssl_certificate_key /usr/local/nginx/cert/test1.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
备注:
1、test.key文件生成时可能会被加密码,nginx每次启动都需要输入密码,这时候需要转成无密码文件,执行下面命令会让输入密码,输入密码后操作完成
openssl rsa -in test.key -out test1.key
2、如果拿到的是cer文件可以用下面命令来转换成pem文件
openssl x509 -in test.cer -out test.pem