开始我尝试用 let's encrypt 让http 变 https
官方:https://github.com/certbot/certbot
参考:https://www.cnblogs.com/cool-fire/p/8205911.html
这个因本人太笨,没配置成功,转用腾讯大大平台的免费ssl,见以下:
阿里云服务器,腾讯云ssl配置步骤及遇到的问题:
1.阿里云服务器SSL开443端口
登录 =》云服务器ECS=》相应的服务器点 管理 =》左侧点 本实例安全组 =》安全组列表 点右侧的 配置规则 =》 在公网入 点添加安全组规则,完成如下:
2.在腾讯云注册个免费证书(搜索证书直达)
3.Nginx配置SSL报错 nginx: [emerg] unknown directive "ssl"
要重新安装nginx 并配置
https://blog.csdn.net/weiyangdong/article/details/80008543
http://www.cnblogs.com/saneri/p/5391821.html
4.nginx在reload时候报错invalid PID number
https://www.cnblogs.com/tielemao/p/6163419.html
5.重启nginx 我后来重启服务器后成功
截图记录一下
6.nginx 配置端口以https访问
server {
listen ;
server_name www.yourdomain.com yourdomain.com;
root /alidata/www/apiShop2;
set $node_port 8360;
index index.js index.html index.htm;
if ( -f $request_filename/index.html ){
rewrite (.*) $1/index.html break;
}
if ( !-f $request_filename ){
rewrite (.*) /index.js;
}
location = /index.js {
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:$node_port$request_uri;
proxy_redirect off;
}
location ~ /static/ {
etag on;
expires max;
}
}
server {
listen ;
server_name www.yourdomain.com yourdomain.com; #填写绑定证书的域名
ssl on;
ssl_certificate 1_www.yourdomain.com_bundle.crt;
ssl_certificate_key 2_www.yourdomain.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1. TLSv1.; #按照这个协议配置
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置
ssl_prefer_server_ciphers on;
location / {
root /alidata/www/apiShop2; #站点目录
set $node_port 8360;
index index.html index.htm;
if ( -f $request_filename/index.html ){
rewrite (.*) $1/index.html break;
}
if ( !-f $request_filename ){
rewrite (.*) /index.js;
}
location = /index.js {
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:$node_port$request_uri;
proxy_redirect off;
}
location ~ /static/ {
etag on;
expires max;
}
}
}
以上nginx 达到http 和 https 和 ip:8360 三个同时访问
当然可在nginx 加行配置把http 自动跳转到 https 大都这样做的