阿里云SSL证书申请及部署
阿里云SSL证书申请及部署
- 证书申请
- 申请通配符域名证书
- 下载并部署证书
- 安装完成并验证:
证书申请
这里以阿里云Symantec证书为例
申请通配符域名证书
在xxx.cn 中配置location如下:
完整配置参考:
server {listen 443 ssl;server_name xxx.cn;ssl_session_cache shared:SSL:1m;ssl_session_timeout 5m;ssl_ciphers HIGH:!aNULL:!MD5;ssl_prefer_server_ciphers on;set $mobile_rewrite do_not_perform;if ($http_user_agent ~* "(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|mobile.+firefox|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows ce|xda|xiino") {set $mobile_rewrite perform;}location / {if ($mobile_rewrite = perform) {root /usr/local/nginx/m/mobile;}if ($mobile_rewrite = do_not_perform) {root html;}}location /.well-known/pki-validation/fileauth.txt {root /usr/local/nginx/html;}}
把验证文件fileauth.txt上传到服务器上一步配置的目录中,本例的具体目录是:
/usr/local/nginx/html/.well-known/pki-validation
E:\wy>scp fileauth.txt root@ip:/usr/local/nginx/html/.well-known/pki-validationroot@ip's password:fileauth.txt 100% 64 1.7KB/s 00:00E:\wy>
查看文件:
[root@izwz96u1ukkfo2k pki-validation]# lltotal 4-rw-r--r-- 1 root root 64 Feb 18 11:00 fileauth.txt[root@izwz96u1ukkfo2k pki-validation]# pwd/usr/local/nginx/html/.well-known/pki-validation[root@izwz96u1ukkfo2k pki-validation]#
完成后重启nginx
[root@izwz96u1ukkfo2k conf]# ../sbin/nginx -tnginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is oknginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful[root@izwz96u1ukkfo2k conf]# ../sbin/nginx -s reload
然后验证,通过后提交。
坐等审核
下载并部署证书
审核通过后,下载证书,并选择nginx
上传证书到服务器
E:\wy\ssl\3472164__xxx.cn_nginx>scp 3472164__xxx.cn.* root@ip:/usr/local/nginx/conf/ssl/www.xxx.cnroot@ip's password:3472164__xxx.cn.key 100% 1679 39.0KB/s 00:003472164__xxx.cn.pem 100% 3671 61.1KB/s 00:00E:\wy\ssl\3472164__xxx.cn_nginx>
配置nginx配置文件
server {listen 80;server_name www.xxx.cn xxx.cn;return 301 https://$server_name$request_uri;set $mobile_rewrite do_not_perform;if ($http_user_agent ~* "(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|mobile.+firefox|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows ce|xda|xiino") {set $mobile_rewrite perform;}location / {if ($mobile_rewrite = perform) {root /usr/local/nginx/m/mobile;}if ($mobile_rewrite = do_not_perform) {root html;}}location /.well-known/pki-validation/fileauth.txt {root /usr/local/nginx/html;}location = /50x.html {root html;}error_page 500 502 503 504 /50x.html;}server {listen 443 ssl;server_name www.xxx.cn;ssl_session_cache shared:SSL:1m;ssl_certificate ./ssl/www.xxx.cn/3472164__xxx.cn.pem;ssl_certificate_key ./ssl/www.xxx.cn/3472164__xxx.cn.key;ssl_session_timeout 5m;ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_prefer_server_ciphers on;set $mobile_rewrite do_not_perform;if ($http_user_agent ~* "(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|mobile.+firefox|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows ce|xda|xiino") {set $mobile_rewrite perform;}location / {if ($mobile_rewrite = perform) {root /usr/local/nginx/m/mobile;}if ($mobile_rewrite = do_not_perform) {root html;}}}
安装完成并验证:
部署前:
部署后
柔光的暖阳◎
「爱情、让人受尽委屈。」
╰+攻爆jí腚メ
╰+哭是因爲堅強的太久メ
还没有评论,来说两句吧...