1,申请域名证书成功后,下载压缩包,一定要选择Nginx的证书类型,解压后得到一个key文件一个pem文件,将这两个文件上传到服务器的root目录
2,打开nginx配置文件
vim /etc/nginx/conf.d/default.conf
同时添加http和https的协议配置,需要注意的是,http需要阿里云安全协议暴露80端口,https需要阿里云安全协议暴露443端口
server {
listen 80;
server_name vip.queyou688.com;
rewrite ^(.*)$ https://${server_name}$1 permanent;
access_log /root/myweb_access.log;
error_log /root/myweb_error.log;
client_max_body_size 75M;
location / {
include uwsgi_params;
uwsgi_pass 127.0.0.1:8001;
uwsgi_param UWSGI_SCRIPT dms.wsgi;
uwsgi_param UWSGI_CHDIR /root/dms;
}
location /static {
alias /root/dms/static;
}
}
server {
listen 443 ssl; #SSL协议访问端口号为443。此处如未添加ssl,可能会造成Nginx无法启动。
server_name vip.queyou688.com; #将localhost修改为您证书绑定的域名,例如:www.example.com。
ssl_certificate /root/3205915_vip.queyou688.com.pem;
ssl_certificate_key /root/3205915_vip.queyou688.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #使用此加密套件。
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #使用该协议进行配置。
ssl_prefer_server_ciphers on;
location / {
include uwsgi_params;
uwsgi_pass 127.0.0.1:8001;
uwsgi_param UWSGI_SCRIPT dms.wsgi;
uwsgi_param UWSGI_CHDIR /root/dms;
}
location /static {
alias /root/dms/static;
}
}
3,重启nginx
systemctl restart nginx.service
效果如下:
