DEBIAN 配置域名并启用SSL
1.将SSL证书文件放在/etc/ssl目录下,放其他目录也可以。
miie_net.pem miie_net.key
2. 建立网站跟目录
sudo mkdir /var/www/miienet
3.编辑NGINX主机配置文件
miie@miie:~$ cd /etc/nginx/sites-available miie@miie:/etc/nginx/sites-available$ sudo cp default miienet miie@miie:/etc/nginx/sites-available$ sudo vi miienet ## # You should look at the following URL's in order to grasp a solid understanding # of Nginx configuration files in order to fully unleash the power of Nginx. # https://www.nginx.com/resources/wiki/start/ # https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ # https://wiki.debian.org/Nginx/DirectoryStructure # # In most cases, administrators will remove this file from sites-enabled/ and # leave it as reference inside of sites-available where it will continue to be # updated by the nginx packaging team. # # This file will automatically load configuration files provided by other # applications, such as Drupal or WordPress. These applications will be made # available underneath a path with that package name, such as /drupal8. # # Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. ## # Default server configuration # server { # 注释下面两行,不监听80端口 #listen 80 default_server; #listen [::]:80 default_server; # SSL configuration # # 以下两行注释去掉,监听443端口,并去掉default_server listen 443 ssl ; listen [::]:443 ssl ; # 添加以下6行,导入证书 ssl_certificate /etc/ssl/miie_net.pem; ssl_certificate_key /etc/ssl/miie_net.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; # # Note: You should disable gzip for SSL traffic. # See: https://bugs.debian.org/773332 # # Read up on ssl_ciphers to ensure a secure configuration. # See: https://bugs.debian.org/765782 # # Self signed certs generated by the ssl-cert package # Don't use them in a production server! # # include snippets/snakeoil.conf; # 配置网站跟目录 root /var/www/miienet; # Add index.php to the list if you are using PHP index index.html index.htm index.nginx-debian.html index.php; # 配置网站域名 server_name miie.net www.miie.net; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; } # 启用PHP支持 # pass PHP scripts to FastCGI server # location ~ \.php$ { include snippets/fastcgi-php.conf; # With php-fpm (or other unix sockets): fastcgi_pass unix:/run/php/php7.4-fpm.sock; # With php-cgi (or other tcp sockets): #fastcgi_pass 127.0.0.1:9000; } # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # Virtual Host configuration for example.com # # You can move that to a different file under sites-available/ and symlink that # to sites-enabled/ to enable it. # # 配置http网站支持 server { listen 80; listen [::]:80; server_name www.miie.net miie.net; # 配置http转发到https rewrite ^(.*)$ https://miie.net; # # root /var/www/example.com; # index index.html; # # location / { # try_files $uri $uri/ =404; # } }
4.建立配置文件链接
sudo ln -s /etc/nginx/sites-available/miienet /etc/nginx/sites-enabled/
5.测试并重启NGINX
sudo systemctl reload nginx sudo systemctl restart nginx