nignx配置https证书

最新推荐文章于 2025-09-10 19:18:23 发布

原创最新推荐文章于 2025-09-10 19:18:23 发布 · 358 阅读

5 ·

CC 4.0 BY-SA版权

文章标签：

#https #网络协议 #http

本文详细描述了如何在腾讯云上为Nginx配置SSL，包括下载并上传SSL证书，修改nginx.conf文件以支持HTTPS，处理SSL错误，并最终设置HTTP到HTTPS的自动跳转。

nignx配置https

1.下载证书并上传至云服务器

因为我用的是腾讯云,所以在腾讯云上面申请了一个免费ssl证书,具体可以点下面的链接

申请免费 SSL 证书。

申请之后将文件解压放在

/www/server/nginx/conf/

路径里面

2.配置nginx

vim /www/server/nginx/conf/nginx.conf

得到如下内容

[root@yongjie tieyongjie.cn_nginx]# vim /www/server/nginx/conf/nginx.conf

        default_type  application/octet-stream;

        server_names_hash_bucket_size 512;
        client_header_buffer_size 32k;
        large_client_header_buffers 4 32k;
        client_max_body_size 50m;

        sendfile   on;
        tcp_nopush on;

        keepalive_timeout 60;

        tcp_nodelay on;

        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        fastcgi_buffer_size 64k;
        fastcgi_buffers 4 64k;
        fastcgi_busy_buffers_size 128k;
        fastcgi_temp_file_write_size 256k;
                fastcgi_intercept_errors on;

        gzip on;
        gzip_min_length  1k;
        gzip_buffers     4 16k;
        gzip_http_version 1.1;
        gzip_comp_level 2;
        gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
        gzip_vary on;
        gzip_proxied   expired no-cache no-store private auth;
        gzip_disable   "MSIE [1-6]\.";

        limit_conn_zone $binary_remote_addr zone=perip:10m;
                limit_conn_zone $server_name zone=perserver:10m;

        server_tokens off;
        access_log off;

server
    {
        listen 80;
        server_name www.tieyongjie.cn;
        location / {
        proxy_pass http://localhost:8090;  # 指向Docker容器的端口8080
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
        access_log  /www/wwwlogs/access.log;
    }
include /www/server/panel/vhost/nginx/*.conf;

找到http{...}，并输入以下配置信息。

ssl_certificate tieyongjie.cn_nginx/tieyongjie.cn.csr
ssl_certificate_key tieyongjie.cn_nginx/tieyongjie.cn.key

检测nginx文件

nginx -t
# 检测正常之后,重载nignx配置
systemctl reload nginx

设置 HTTP 请求自动跳转 HTTPS（可选）

server {
 listen 80;
 server_name cloud.tencent.com;    #填写您的证书绑定的域名，例如：cloud.tencent.com
 return 301 https://$host$request_uri;  	 #将http的域名请求转成https
}

保存修改后的 nginx.conf 文件后退出，

3.错误:修改后出现错误

cannot load certificate "/www/server/nginx/conf/tieyongjie.cn.csr": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)
nginx: configuration file /www/server/nginx/conf/nginx.conf test failed

发现com_bundle.crt文件搞错成了csr那个文件,修改之后重新检测已经可以

[root@yongjie conf]# nginx -t
nginx: the configuration file /www/server/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /www/server/nginx/conf/nginx.conf test is successful

然后打开之后发现还是无法进去网址,此时打开如下配置

将server中listen 80改成 listen 443 ssl

server {
 listen 443 ssl;
 server_name cloud.tencent.com;    #填写您的证书绑定的域名，例如：cloud.tencent.com
 # return 301 https://$host$request_uri;  	 #将http的域名请求转成https
}