windows配置nginx https证书

windows配置nginx https证书

申请/获取https证书
通过申请后会提供一个压缩文件下载,将解压文件中的证书信息配置到ssl_certificatessl_certificate_key

server {
        listen 443 ssl;  # 1.1版本后这样写
        server_name www.domain.com; #填写绑定证书的域名
        ssl_certificate 1_www.domain.com_bundle.crt;  # 指定证书的位置,绝对路径
        ssl_certificate_key 2_www.domain.com.key;  # 绝对路径,同上
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置
        ssl_prefer_server_ciphers on;
        location / {
            root   html; #站点目录,绝对路径
            index  index.html index.htm;
        }
    }

配置完成后,重新加载nginx配置

./nginx -s reload

完整配置如下

server {
        listen      81;
        server_name  xxx.com;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header REMOTE-HOST $remote_addr;
			client_max_body_size 50m;
			client_body_buffer_size 256k;
			proxy_connect_timeout 1;
			proxy_send_timeout 30;
			proxy_read_timeout 60;
			proxy_buffer_size 256k;
			proxy_buffers 4 256k;
			proxy_busy_buffers_size 256k;
			proxy_temp_file_write_size 256k;
			proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
			proxy_max_temp_file_size 128m;
			
            proxy_pass http://xxx.com:80;
			proxy_set_header Host xxx.com:$server_port;
			proxy_set_header X-Forwarded-For $remote_addr;	
        }
		
	}
    server {
     listen 443;
     server_name xxx.com;
     ssl on;
     root html;
     index index.html index.htm;
     ssl_certificate   D:/soft/nginx/2915148_xxx.com_nginx/2915148_xxx.com.pem;
     ssl_certificate_key  D:/soft/nginx/2915148_xxx.com_nginx/2915148_xxx.com.key;
     ssl_session_timeout 5m;
     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
     ssl_prefer_server_ciphers on;
	 
     location / {
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header REMOTE-HOST $remote_addr;
			client_max_body_size 50m;
			client_body_buffer_size 256k;
			proxy_connect_timeout 1;
			proxy_send_timeout 30;
			proxy_read_timeout 60;
			proxy_buffer_size 256k;
			proxy_buffers 4 256k;
			proxy_busy_buffers_size 256k;
			proxy_temp_file_write_size 256k;
			proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
			proxy_max_temp_file_size 128m;
			
            proxy_pass http://xxx.com:80;
			proxy_set_header Host xxx.com:$server_port;
			proxy_set_header X-Forwarded-For $remote_addr;	
        }
    }
版权声明:本文为u013964774原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。