Deploying an Alibaba Cloud SSL certificate to nginx

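1. Download the certificate files from Alibaba Cloud to your local machine, then upload them to a cert folder under the nginx installation path. The cert folder has to be created first.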

cd /usr/local/nginx

mkdir cert && cd cert

Then use the rz command to upload the certificate archive you downloaded. Unzip it and rename the files to remove the numeric prefix.

[root@myweb cert]# ll
总用量 16
-rw-r--r-- 1 root root 4116 12月 12 15:57 1610551_www.xchinagroup.top_nginx.zip
-rw-r--r-- 1 root root 1679 12月 12 15:58 www.xchinagroup.top.key
-rw-r--r-- 1 root root 3688 12月 12 15:58 www.xchinagroup.top.pem

2. Edit the nginx configuration file

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

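First make sure your nginx was compiled and installed with the --with-http_ssl_module SSL module. If it was not, nginx has to be recompiled and reinstalled.

/usr/local/nginx/sbin/nginx -V      # show which modules were added at compile time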

nginx version: nginx/1.8.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

vim /usr/local/nginx/conf/nginx.conf

Add the following block inside the http block.

server {
    listen 443 ssl;
    server_name www.xchinagroup.top;

    # Certificate and private key uploaded in step 1
    ssl_certificate /usr/local/nginx/cert/www.xchinagroup.top.pem;
    ssl_certificate_key /usr/local/nginx/cert/www.xchinagroup.top.key;

    # 1 MB TLS session cache shared between worker processes
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

    # High-strength suites only; no anonymous or MD5-based suites
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        root html;
        index index.php index.html index.htm;
    }
    location ~ \.php$ {
        # Return 404 for scripts that do not exist instead of passing them on
        try_files $uri =404;
        root html;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

The ssl_certificate and ssl_certificate_key directives specify where the certificate files are located. Absolute paths are best.

3. Restart nginx

Check the configuration file first:

/usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

If "successful" appears, the configuration file has no errors. With no errors reported, restart nginx with a reload.

/usr/local/nginx/sbin/nginx -s reload

4. Finally, test the https page
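
An added example, not part of the original post: a shell script that checks the files from step 1 before the reload in step 3, and confirms for step 4 that the server presents the new certificate. The function names and the 30-day threshold are choices made for this example, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: checks for the files from step 1 (paths as used on this page).
# Function names and the 30-day threshold are this example's own choices.
CERT=${CERT:-/usr/local/nginx/cert/www.xchinagroup.top.pem}
KEY=${KEY:-/usr/local/nginx/cert/www.xchinagroup.top.key}
HOST=${HOST:-www.xchinagroup.top}

# True only if group and others have no access to the private key.
# The listing in step 1 shows the key as -rw-r--r--, which fails this check.
key_perms_ok() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# True if the first certificate in $1 carries the public key of private key $2.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# True if certificate $1 is still valid $2 days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# SHA-256 fingerprint of a certificate read from stdin.
fp() { openssl x509 -noout -fingerprint -sha256 2>/dev/null; }

# Step 4: true if the server at $HOST:443 presents the certificate in $CERT.
served_cert_is_local() {
    live=$(openssl s_client -connect "$HOST:443" -servername "$HOST" \
           </dev/null 2>/dev/null | fp)
    [ -n "$live" ] && [ "$live" = "$(fp <"$CERT")" ]
}

# Run before "nginx -s reload"; stops at the first failed check.
preflight() {
    key_perms_ok "$KEY" || { echo "fix: chmod 600 $KEY" >&2; return 1; }
    cert_matches_key "$CERT" "$KEY" || { echo "cert/key mismatch" >&2; return 1; }
    cert_valid_for "$CERT" 30 || { echo "cert expires within 30 days" >&2; return 1; }
    /usr/local/nginx/sbin/nginx -t
}

case "${1:-}" in
    preflight) preflight ;;
    live)      served_cert_is_local ;;
esac
```

Run it with the argument preflight before the reload and with live afterwards. The nginx master process reads the key as root, so mode 600 owned by root does not stop the server from loading it.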