nginx上SSL证书配置

需要在本地服务器上通过客户端脚本来更新nginx中证书的用户，要先在nginx配置添加SSL配置。运行客户端脚本会自动检测证书所在的路径并替换。

配置参考

配置示例核心配置

nginx

server {
    listen  443 ssl;
    server_name yourdomain.com;
    
    # 设置ssl证书文件路径
    ssl_certificate certs/yourdomain.com.pem;
    ssl_certificate_key certs/yourdomain.com.key;
    
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security "max-age=31536000";
    
    # 访问日志
    access_log /var/log/nginx/yourdomain.com.https.log;
    
    location / {
        root /var/html/yourdomain.com/;
        index index.html;
    }
}

nginx

listen  443 ssl;
server_name yourdomain.com;

ssl_certificate certs/yourdomain.com.pem;
ssl_certificate_key certs/yourdomain.com.key;

ssl_session_timeout 5m;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000";

nginx上SSL证书配置 ​

配置参考 ​

nginx上SSL证书配置

配置参考