sudo mkdir /etc/nginx/ssl
進入目錄
cd /etc/nginx/ssl
產生 myserver.key和 server.csr
sudo openssl req -nodes -newkey rsa:2048 -sha256 -keyout myserver.key -out server.csr
產生後上傳到有簽發ssl憑證的域名商
上傳後等待域名商安全憑證簽發
簽發後下載 xxx.pem 和 yyy.crt 到 /etc/nginx/ssl
xxx 或 yyy名稱可以看自己喜歡取名, 只要記得設定 nginx時名稱路徑要對上
然後設定 nginx
sudo vi /etc/nginx/sites-enabled/nginxsetupfile
server {
listen 80; ## listen for ipv4; this line is default and implied
#listen [::]:80 default ipv6only=on; ## listen for ipv6
rewrite ^(.*) https://$host$1 permanent;
}
server {
listen 443 ssl;
server_name cclin.xyz;
access_log /var/log/nginx/mysite-access.log ;
error_log /var/log/nginx/mysite-error.log ;
location /static {
alias /home/for/static/path/static;
}
location / {
uwsgi_pass 127.0.0.1:8630;
include uwsgi_params;
}
ssl on;
ssl_certificate /etc/nginx/ssl/yyy.crt;
ssl_certificate_key /etc/nginx/ssl/myserver.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
}
設定完成後記得 重啟 nginx 請看之前一般http的設定
sudo service nginx restart
和 uwsgi
還有問了一下域名商
沒有留言:
張貼留言