DEBIAN11 配置域名并启用SSL

发表评论

DEBIAN 配置域名并启用SSL

1.将SSL证书文件放在/etc/ssl目录下,放其他目录也可以。

miie_net.pem
miie_net.key

2. 建立网站跟目录

sudo mkdir /var/www/miienet

3.编辑NGINX主机配置文件

miie@miie:~$ cd /etc/nginx/sites-available
miie@miie:/etc/nginx/sites-available$ sudo cp default miienet

miie@miie:/etc/nginx/sites-available$ sudo vi miienet

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or WordPress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
        # 注释下面两行,不监听80端口
        #listen 80 default_server;
        #listen [::]:80 default_server;

        # SSL configuration
        #
        # 以下两行注释去掉,监听443端口,并去掉default_server
          listen 443 ssl ;
          listen [::]:443 ssl ;
        # 添加以下6行,导入证书
        ssl_certificate  /etc/ssl/miie_net.pem;
        ssl_certificate_key /etc/ssl/miie_net.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        # 配置网站跟目录
        root /var/www/miienet;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html index.php;

        # 配置网站域名
        server_name miie.net www.miie.net;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }

        # 启用PHP支持
        # pass PHP scripts to FastCGI server
        #
        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                # With php-fpm (or other unix sockets):
                fastcgi_pass unix:/run/php/php7.4-fpm.sock;
                # With php-cgi (or other tcp sockets):
                #fastcgi_pass 127.0.0.1:9000;
        }



        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
# 配置http网站支持
server {
       listen 80;
       listen [::]:80;

       server_name www.miie.net miie.net;
# 配置http转发到https
       rewrite ^(.*)$ https://miie.net;
#
#       root /var/www/example.com;
#       index index.html;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
}

4.建立配置文件链接

sudo ln -s /etc/nginx/sites-available/miienet  /etc/nginx/sites-enabled/

5.测试并重启NGINX

sudo systemctl reload nginx
sudo systemctl restart nginx

发表评论