SSL 在lnmp 中部署 域名ssl证书

1.下载ssl证书:

把名字改为ssl.key和ssl.pem

2.在以下目录新建cerl目录,把证书上传到cerl

/usr/local/nginx/conf/cert

3.在域名conf文件中增加以下文件调用

    listen 443 ssl;
    ssl_certificate cert/文件名ssl.pem;
    ssl_certificate_key cert/文件名ssl.key;
    if ($server_port !~ 443){
    rewrite ^(.*) https://域名.cn$1 permanent;
    }

案例:

server
    {
        listen 80;
		listen 443 ssl;
		ssl_certificate cert/tanhanqingcnssl.pem;
		ssl_certificate_key cert/tanhanqingcnssl.key;
		if ($server_port !~ 443){
		rewrite ^(.*) https://tanhanqing.cn$1 permanent;
		}
        #listen [::]:80;
        server_name tanhanqing.cn;
        index index.html index.htm index.php default.html default.htm default.php;
        root  /home/tanhanqing/;

        include wordpress.conf;
        #error_page   404   /404.html;
        include enable-php.conf;

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }

        location ~ /\.
        {
            deny all;
        }

        access_log  /home/wwwlogs/tanhanqing.cn.log;
    }

4.测试nginx后重启nginx

保存后测试正确性:

/usr/local/nginx/sbin/nginx -t

平滑重启nginx:

/usr/local/nginx/sbin/nginx -s reload