如今跟支付和推广相关的业务需求都需要网站支持 https.很多付费的ssl证书可以买。那么有免费的配置方式吗?当然
亲自实践推荐:Let's Encrypt
上面是官网截图。看不习惯英文的右上角有 语言选项,支持中文。
步骤一
登录注册地址:注册登录 不需要验证手机号,只需要验证邮箱。比较适合那些不喜欢手机号的,比如我,哈哈。
步骤二
填入需要申请证书的域名
步骤三
验证域名的归属,证明域名是你的。两种方式
- http: 根据http请求访问,返回指定的token串
- dns: 通过添加dns前缀验证
下载证书部署
下载后是一个zip压缩包,里面会包含证书文件,加压后文件如下
nginx 配置方式
我部署Larvel项目时 nginx 配置
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
ssl_certificate "/path/to/fullchain.crt";
ssl_certificate_key "/path/to/private/private.pem";
server {
listen 80;
listen 443 ssl http2;
server_name yourdomain.com;
root /home/yourdomain.com/public;
ssl_certificate "/etc/pki/nginx/fullchain.crt";
ssl_certificate_key "/etc/pki/nginx/private/private.pem";
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
# fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
nginx 重启
https 就可以访问了。中间有些过程省略了,不懂的留言问我。