配置Nginx的SSL证书，即https安全服务

心已赠人 2023-06-12 09:11 11阅读 0赞

###### 1.首先申请证书，进入[阿里云控制台][Link 1]登陆 ######

###### 2.安全(云盾)>ssl证书（应用安全） ######

![在这里插入图片描述][watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI5NTA3OQ_size_16_color_FFFFFF_t_70]

###### 3.购买证书>进入证书管理页面 >免费型DV SSL >立即购买 ######

![在这里插入图片描述][watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI5NTA3OQ_size_16_color_FFFFFF_t_70 1]  
![在这里插入图片描述][watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI5NTA3OQ_size_16_color_FFFFFF_t_70 2]  
![在这里插入图片描述][watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI5NTA3OQ_size_16_color_FFFFFF_t_70 3]

###### 4.绑定域名>等待证书审核 大约十来分钟就审核通过了 ######

![在这里插入图片描述][watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI5NTA3OQ_size_16_color_FFFFFF_t_70 4]

###### 5.下载Nginx证书，上传到nginx服务器的nginx目录的cert文件夹（新建文件夹） ######

![在这里插入图片描述][watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI5NTA3OQ_size_16_color_FFFFFF_t_70 5]

###### 6.修改Nginx的配置文件nginx.conf ######

server {
            listen       80; 
            server_name  blog-admin.wanm-mall.com;
            rewrite ^(.*)$ https://$server_name$1 permanent; #http强转https
        }
        include /usr/nginx/conf.d/*.conf; #加载指定的其他的配置文件

###### 7.在con.d文件夹，添加blog-admin.conf文件，配置如下 ######

server {
    	    listen         443 ssl;
            server_name    blog-admin.wanm-mall.com;
            #设置长连接
            keepalive_timeout   70;
            #证书文件
            ssl_certificate     /usr/nginx/cert/3067442_blog-admin.wanm-mall.com.pem;
            #私钥文件
            ssl_certificate_key /usr/nginx/cert/3067442_blog-admin.wanm-mall.com.key; 
            ssl_session_timeout 5m;
            ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;  #使用此加密套件。
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   #使用该协议进行配置。
            ssl_prefer_server_ciphers on; 
            #防XSS攻擊
            add_header X-Xss-Protection 1;
            add_header Content-Security-Policy upgrade-insecure-requests;
            location / {
              add_header Content-Security-Policy upgrade-insecure-requests;
              add_header Access-Control-Allow-Origin *;
              add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
              add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
              proxy_pass http://localhost:8080/;
              proxy_set_header Host $http_host;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           }
        }

###### 8.访问主页 [https://blog-admin.wanm-mall.com][https_blog-admin.wanm-mall.com] ######

![在这里插入图片描述][watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI5NTA3OQ_size_16_color_FFFFFF_t_70 6]

> 记住：记住：牛逼的技术虽然不是你的，但是你会了，就是你的

[Link 1]: https://homenew.console.aliyun.com
[watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI5NTA3OQ_size_16_color_FFFFFF_t_70]: https://img-blog.csdnimg.cn/20191111200748572.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI5NTA3OQ==,size_16,color_FFFFFF,t_70
[watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI5NTA3OQ_size_16_color_FFFFFF_t_70 1]: https://img-blog.csdnimg.cn/20191111200835183.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI5NTA3OQ==,size_16,color_FFFFFF,t_70
[watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI5NTA3OQ_size_16_color_FFFFFF_t_70 2]: https://img-blog.csdnimg.cn/20191111200911586.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI5NTA3OQ==,size_16,color_FFFFFF,t_70
[watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI5NTA3OQ_size_16_color_FFFFFF_t_70 3]: https://img-blog.csdnimg.cn/20191111201008328.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI5NTA3OQ==,size_16,color_FFFFFF,t_70
[watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI5NTA3OQ_size_16_color_FFFFFF_t_70 4]: https://img-blog.csdnimg.cn/20191111201059968.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI5NTA3OQ==,size_16,color_FFFFFF,t_70
[watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI5NTA3OQ_size_16_color_FFFFFF_t_70 5]: https://img-blog.csdnimg.cn/20191111201419930.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI5NTA3OQ==,size_16,color_FFFFFF,t_70
[https_blog-admin.wanm-mall.com]: https://blog-admin.wanm-mall.com
[watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI5NTA3OQ_size_16_color_FFFFFF_t_70 6]: https://img-blog.csdnimg.cn/20191111213955171.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI5NTA3OQ==,size_16,color_FFFFFF,t_70