- 拿到证书的公钥和私钥
- 文件上传服务器
scp <user@><source:><file> <user@><target:><file>
example:
scp ~/Downloads/nginx.ttl.zip root@gdt.ltt.aliyun.com:~/nginx.ttl.zip
- 找到服务器上nginx配置文件地址
- 一般执行
nginx -h可以看到 -c 的描述那里有指定默认的配置文件地址(/etc/nginx/nginx.conf) - 在配置文件的http模块下,添加已下内容
server {
listen 443;
server_name <host>;
ssl on;
root html;
index index.html index.htm;
ssl_certificate <path to public key relative to nginx config file>;
ssl_certificate_key <path to private key relative to nginx config file>;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:80;
}
}
- 重启nginx服务
nginx -s reload.
Tips linux上的命令如果忘了,一般我回通过history来查找,例如history | grep nginx
done.
