1.vi /etc/nginx/sites-available/xxx_name
2.复制以下内容:(端口为900,可自定义)
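server {
    # HTTPS listener. 900 is the port the router forwards from the internet;
    # change it in both lines if you map a different port.
    listen 900 ssl;
    listen [::]:900 ssl;

    # Your own domain name (for example www.xxx.com).
    # The second "server_name _;" that used to follow the index line was a
    # leftover from the distribution's default site and has been dropped, so
    # this vhost only answers for the name that the certificate covers.
    server_name xxx.com;

    # Certificate and private key.
    ssl_certificate     /etc/nginx/key/xxx_bundle.pem;  # path to the .pem bundle
    ssl_certificate_key /etc/nginx/key/xxx.com.key;     # path to the private key

    # TLS settings.
    ssl_session_timeout 500m;  # how long a TLS session may be resumed (500 minutes)

    # Forward-secret AEAD suites only. The previous list ended in the broad
    # "ECDH:AES:HIGH" aliases, which also admit CBC-mode and static-RSA suites.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; remove it from
    # this line if "nginx -t" rejects the value on an older build.
    ssl_protocols TLSv1.2 TLSv1.3;

    ssl_prefer_server_ciphers on;  # use the server's cipher order (applies to TLS 1.2)

    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.php index.htm index3.html;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }

    # Pass PHP scripts (with optional /path-info) and .html pages to PHP-FPM.
    #
    # The pattern is grouped and anchored. The original
    # ".*\.php(\/.*)*|.html$" anchored only its second branch and left the dot
    # in ".html" unescaped, so any URI that merely contained ".php", and any
    # URI ending in "html" after an arbitrary character, was routed to the
    # FastCGI backend.
    #
    # NOTE(review): PHP-FPM only runs .html files if the pool's
    # security.limit_extensions allows them. Keep that setting as narrow as
    # possible, and drop the "|\.html" branch if the .html pages are static.
    location ~ (\.php(/.*)?|\.html)$ {
        # NOTE(review): snippets/fastcgi-php.conf is not shown on this page.
        # The stock Debian/Ubuntu snippet already splits path-info and checks
        # that the script exists. Confirm that check is present, and check
        # whether the fastcgi_param lines below duplicate ones it already sets.
        include snippets/fastcgi-php.conf;

        # Split "/script.php/extra/path" into the script name and PATH_INFO.
        set $path_info "";
        set $real_script_name $fastcgi_script_name;
        if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") {
            set $real_script_name $1;
            set $path_info $2;
        }
        fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;
        fastcgi_param SCRIPT_NAME $real_script_name;
        fastcgi_param PATH_INFO $path_info;

        # With php-fpm (or other unix sockets):
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        # With php-cgi (or other tcp sockets); the port is a placeholder, and
        # 900 is already taken by the nginx listener above:
        # fastcgi_pass 127.0.0.1:900;
    }

    # Serve /404.html for not-found and upstream errors. The bare "=" makes the
    # client see the status produced by /404.html itself (normally 200) rather
    # than the original 404/5xx, so rely on the error log, not on response
    # codes, when monitoring for backend failures.
    error_page 404 500 502 503 504 = /404.html;
    location = /404.html {
        root /var/www/html;
    }

    # Extra location blocks dropped into this directory are loaded as well;
    # treat that directory as part of this server's configuration.
    include /etc/nginx/locations.d/*;
}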
3.下载对应的 SSL 证书并放到 /etc/nginx/key/ 目录下(与上面配置中的路径一致)。私钥文件(.key)应仅允许 root 读取,例如 chmod 600 /etc/nginx/key/xxx.com.key。
4.最后运行下面两条命令启用站点:
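# Enable the site by symlinking the file created in step 1 (xxx_name) into
# sites-enabled. The original command linked "mywebsite", which does not match
# that file name. The brace expansion requires bash.
ln -sf /etc/nginx/sites-{available,enabled}/xxx_name
# Validate the configuration first; reload only if the syntax check passes,
# so a typo cannot take the running server down.
nginx -t && nginx -s reload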