
Nginx HTTPS Configuration Tutorial: Protecting Website Data in Transit

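With the rapid growth of the Internet, website security is receiving more and more attention. Using the HTTPS protocol is a very important measure for protecting a website's data in transit. This article explains how to configure HTTPS with Nginx so that the website's data is transmitted securely.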

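1. Installing the SSL Certificate

Before configuring HTTPS, we need to obtain an SSL certificate, which establishes the website's identity and secures data in transit. You can purchase a certificate from a third-party certificate authority (CA), or use a free, open-source certificate generation tool such as Let's Encrypt.

The steps for installing the certificate are as follows:

Download the certificate: download the certificate files (including the public key, the private key and the certificate chain) to the server. Certificate files usually have the extensions .crt and .key.

Create the SSL bundle file: use the openssl command to merge the .crt and .key files into a single .pem-format file: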

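# Re-encode the RSA private key as PEM
openssl rsa -in privateKey.key > privateKey.pem
# Re-encode the certificate as PEM
openssl x509 -inform PEM -in certificate.crt > certificate.pem
# Concatenate key and certificate. ssl.crt now contains the private key,
# so keep it readable only by the account that starts nginx (chmod 600 ssl.crt)
cat privateKey.pem certificate.pem > ssl.crt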

2. Configuring HTTPS in Nginx

Open the Nginx configuration file: it is usually located at /etc/nginx/nginx.conf or /usr/local/nginx/conf/nginx.conf.

Add the HTTPS server block: inside the http block, add the following configuration:

server {
    listen 443 ssl;
    server_name yourdomain.com;
    ssl_certificate /path/to/ssl.crt;
    ssl_certificate_key /path/to/privateKey.key;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    # ......
}

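listen 443 ssl: listens on port 443, the default HTTPS port, and enables SSL.

server_name: replace with your domain name.

ssl_certificate: the path to the SSL certificate.

ssl_certificate_key: the path to the SSL private key.

ssl_protocols: the supported SSL/TLS protocol versions.

ssl_ciphers: the supported encryption algorithms (cipher suites).

Configure the HTTP-to-HTTPS redirect: inside the http block, add the following configuration: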

server {
    listen 80;
    server_name yourdomain.com;
    # Permanently redirect every plain-HTTP request to the HTTPS URL
    return 301 https://$server_name$request_uri;
}

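When a user visits an HTTP URL, Nginx automatically redirects the request to the HTTPS URL.

Save and reload the configuration: save the configuration file and run the following command to restart the Nginx service: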

sudo service nginx restart

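At this point, you have successfully configured the Nginx HTTPS service.

3. Optimizing the HTTPS Configuration

To further improve the website's security and performance, you can take the following optimization measures:

Enable HTTP/2: use Nginx's HTTP/2 module to upgrade the HTTPS service to HTTP/2, improving the site's loading speed and performance.

Add to the server block: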

listen 443 ssl http2;

Enable OCSP Stapling: OCSP Stapling is a technique that improves the speed and security of SSL certificate validation. Add to the server block:

ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;

Configure HTTP Strict Transport Security (HSTS): HSTS can force all HTTP requests to be redirected to HTTPS and avoid man-in-the-middle attacks.

Add to the server block:

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";

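4. Common Problems and Solutions in HTTPS Configuration

When configuring HTTPS, you may run into some common problems. The following are some of them, with their solutions:

Configuration file errors: check that the Nginx configuration file is correct, in particular that the ssl_certificate and ssl_certificate_key paths are correct.

Certificate errors: make sure your SSL certificate is valid and matches the domain name. You can verify the certificate's validity in a browser.

Firewall issues: if you use a firewall, make sure port 443 (HTTPS) is open.

SSL/TLS protocol issues: some clients may not support older versions of the SSL/TLS protocol. Keeping only TLSv1.2 in ssl_protocols can resolve this.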
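The settings discussed in sections 2 to 4 (TLS listener, certificate directives, protocol versions, OCSP stapling with a resolver, HSTS) can be checked mechanically before a restart. The following audit is an added example, not part of the original tutorial; the function names, finding codes and sample configuration are constructed for illustration, and the parser only understands simple directives that start on their own line.

```python
import re

# Constructed sample: the tutorial's server block with ssl_stapling on and no resolver.
WEAK_CONF = """
server {
    listen 443 ssl;
    server_name yourdomain.com;
    ssl_certificate /path/to/ssl.crt;
    ssl_certificate_key /path/to/privateKey.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_stapling on;
}
"""

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# A directive starts a line: name, then arguments up to ';' (quoted ';' allowed).
DIRECTIVE = re.compile(
    r"""^\s*([a-z_0-9]+)\s+((?:"[^"]*"|'[^']*'|[^;{}"'])*);""", re.M)

def directives(conf):
    """Map directive name -> list of argument strings (block nesting ignored)."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments; assumes no '#' in values
    found = {}
    for name, args in DIRECTIVE.findall(conf):
        found.setdefault(name, []).append(args.strip())
    return found

def audit(conf):
    """Return sorted finding codes (hypothetical names) for the checks above."""
    d, findings = directives(conf), set()
    if not any("ssl" in a.split() for a in d.get("listen", [])):
        findings.add("no-tls-listener")
    for args in d.get("ssl_protocols", []):
        if DEPRECATED & set(args.split()):
            findings.add("deprecated-protocol")
    for key in ("ssl_certificate", "ssl_certificate_key"):
        if key not in d:
            findings.add("missing-" + key)
    # nginx needs a resolver to look up the OCSP responder's hostname
    if "on" in d.get("ssl_stapling", []) and "resolver" not in d:
        findings.add("stapling-without-resolver")
    if not any(a.lower().startswith("strict-transport-security")
               for a in d.get("add_header", [])):
        findings.add("no-hsts")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(WEAK_CONF))
```

An empty list means the configuration passed these checks only; it does not replace running nginx -t or testing the live endpoint.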

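Conclusion

By configuring HTTPS in Nginx, we can give the website a more secure channel for data transmission. This article covered how to install an SSL certificate and configure the Nginx HTTPS service, and provided some optimization settings and solutions to common problems. We hope it has been helpful and makes your website's data transmission more secure and reliable.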

ÒÔÉϾÍÊÇNginx HTTPSÉèÖý̳Ì£¬± £»¤ÍøÕ¾Êý¾Ý´«ÊäÇå¾²µÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡

ÃâÔð˵Ã÷£ºÒÔÉÏչʾÄÚÈÝȪԴÓÚÏàÖúýÌå¡¢ÆóÒµ»ú¹¹¡¢ÍøÓÑÌṩ»òÍøÂçÍøÂçÕûÀí£¬°æȨÕùÒéÓë±¾Õ¾Î޹أ¬ÎÄÕÂÉæ¼°¿´·¨Óë¿´·¨²»´ú±í×ðÁú¿­Ê±ÂËÓÍ»úÍø¹Ù·½Ì¬¶È£¬Çë¶ÁÕß½ö×ö²Î¿¼¡£±¾ÎĽӴýתÔØ£¬×ªÔØÇë˵Ã÷À´ÓÉ¡£ÈôÄúÒÔΪ±¾ÎÄÇÖÕ¼ÁËÄúµÄ°æȨÐÅÏ¢£¬»òÄú·¢Ã÷¸ÃÄÚÈÝÓÐÈκÎÉæ¼°ÓÐÎ¥¹«µÂ¡¢Ã°·¸Ö´·¨µÈÎ¥·¨ÐÅÏ¢£¬ÇëÄúÁ¬Ã¦ÁªÏµ×ðÁú¿­Ê±ÊµÊ±ÐÞÕý»òɾ³ý¡£

Ïà¹ØÐÂÎÅ

ÁªÏµ×ðÁú¿­Ê±

13452372176

¿É΢ÐÅÔÚÏß×Éѯ

ÊÂÇéʱ¼ä£ºÖÜÒ»ÖÁÖÜÎ壬9:30-18:30£¬½ÚãåÈÕÐÝÏ¢

QR code
¡¾ÍøÕ¾µØͼ¡¿¡¾sitemap¡¿