为域名配置免费SSL证书

Jimmy Lee

技术分享|Aug 5, 2016|Last edited: 2022-7-21|
icon
Update time
Jul 21, 2022 02:41 AM
Internal status
Waiting update
password

Nginx配置ssl

  • 腾讯云申请证书 
    • notion image
      notion image
      notion image
  • 阿里云域名解析验证证书
    • notion image
  • 安装证书
      1. 下载证书
      1. 上传配置证书
        1. #将本地的jenkins.jimersylee.com.zip上传至jimersylee.com这个机子上的/data/ssl_cert目录scp jenkins.jimersylee.com.zip root@jimersylee.com:/data/ssl_cert #登录主机解压文件 ssh root@jimersylee.com cd /data/ssl_cert unzip jenkins.jimersylee.com.zip #各种web服务器的证书就解压完成了,然后去配置Nginx [root@VM_77_132_centos ssl_cert]# tree . ├── Apache │   ├── 1_root_bundle.crt │   ├── 2_blog.jimersylee.com.crt │   ├── 2_jenkins.jimersylee.com.crt │   ├── 2_jimersylee.com.crt │   ├── 3_blog.jimersylee.com.key │   ├── 3_jenkins.jimersylee.com.key │   └── 3_jimersylee.com.key ├── blog.jimersylee.com.cert.zip ├── IIS │   ├── blog.jimersylee.com.pfx │   ├── jenkins.jimersylee.com.pfx │   ├── jimersylee.com.pfx │   └── keystorePass.txt ├── jenkins.jimersylee.com.zip ├── jimersylee.com.cert.zip ├── Nginx │   ├── 1_blog.jimersylee.com_bundle.crt │   ├── 1_jenkins.jimersylee.com_bundle.crt │   ├── 1_jimersylee.com_bundle.crt │   ├── 2_blog.jimersylee.com.key │   ├── 2_jenkins.jimersylee.com.key │   └── 2_jimersylee.com.key └── Tomcat ├── jenkins.jimersylee.com.jks └── keystorePass.txt
  • nginx配置
    • #创建配置文件vim /etc/nginx/conf.d/jenkins.conf

写入以下内容

配置443端口

server { listen 443; server_name jenkins.jimersylee.com; ssl on; ssl_certificate /data/ssl_cert/Nginx/1_jenkins.jimersylee.com_bundle.crt; ssl_certificate_key /data/ssl_cert/Nginx/2_jenkins.jimersylee.com.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置 ssl_prefer_server_ciphers on; root /data/java_app/tomcat9/webapps;
indexindex.htmlindex.htmindex.php; location / { try_files $uri @jenkins; } location @jenkins { internal; proxy_pass http://127.0.0.1:8080; } access_log /data/logs/jenkins/jenkins.log main; }

转发80的访问到jenkins

server { listen 80; server_name jenkins.jimersylee.com; rewrite ^ https://servernamerequest_uri? permanent; }
- 重启Nginx生效
nginx -s stop#停止 nginx -t#测试Nginx配置是否正确 nginx#启动Nginx ```

开始订阅我的关于终生学习, 生产力以及知识管理的文章. 订阅后, 您将收到我的精选文章.

©2014-2024 Jimmy Lee. All rights reserved. 公众号: 技术管理方法论
Powered By My Lovely Children