\u8981\u5728 Nginx \u4e2d\u914d\u7f6e SSL \u53cd\u5411\u4ee3\u7406\uff0c\u60a8\u9700\u8981\u8fdb\u884c\u4ee5\u4e0b\u6b65\u9aa4\uff1a<\/p>\n\n\n\n
\u83b7\u53d6 SSL \u8bc1\u4e66\uff1a<\/strong>\u9996\u5148\uff0c\u60a8\u9700\u8981\u83b7\u53d6\u6709\u6548\u7684 SSL \u8bc1\u4e66\u3002\u60a8\u53ef\u4ee5\u8d2d\u4e70\u4e00\u4e2a\u8bc1\u4e66\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u514d\u8d39\u7684\u8bc1\u4e66\uff0c\u5982 Let’s Encrypt\u3002<\/p>\n\n\n\n \u914d\u7f6e SSL \u8bc1\u4e66\uff1a<\/strong>\u5c06 SSL \u8bc1\u4e66\u548c\u79c1\u94a5\u6587\u4ef6\u5b58\u50a8\u5728\u670d\u52a1\u5668\u4e0a\uff0c\u5e76\u914d\u7f6e Nginx \u4f7f\u7528\u8fd9\u4e9b\u6587\u4ef6\u3002\u4ee5\u4e0b\u662f\u4e00\u4e2a\u7b80\u5355\u7684\u793a\u4f8b\u914d\u7f6e\uff1a<\/p>\n\n\n\n \u5728\u8fd9\u4e2a\u914d\u7f6e\u4e2d\uff0clisten 443 ssl;<\/strong>\u8868\u793a\u76d1\u542c 443 \u7aef\u53e3\uff0c\u5e76\u542f\u7528 SSL\u3002server_name<\/strong>\u662f\u60a8\u7684\u57df\u540d\u3002ssl_certificate<\/strong>\u548cssl_certificate_key<\/strong>\u5206\u522b\u6307\u5411\u60a8\u7684 SSL \u8bc1\u4e66\u548c\u79c1\u94a5\u6587\u4ef6\u7684\u8def\u5f84\u3002<\/p>\n\n\n\n \u914d\u7f6e\u53cd\u5411\u4ee3\u7406\uff1a<\/strong>\u5728location \/<\/strong>\u5757\u5185\u914d\u7f6e\u60a8\u7684\u53cd\u5411\u4ee3\u7406\u3002\u5c06proxy_pass<\/strong>\u6307\u4ee4\u8bbe\u7f6e\u4e3a\u60a8\u8981\u4ee3\u7406\u7684\u76ee\u6807\u670d\u52a1\u5668\u7684\u5730\u5740\u3002\u60a8\u8fd8\u53ef\u4ee5\u8bbe\u7f6e\u5176\u4ed6\u4ee3\u7406\u76f8\u5173\u7684\u5934\u4fe1\u606f\uff0c\u5982proxy_set_header<\/strong>\u3002<\/p>\n\n\n\n \u542f\u7528 SSL \u534f\u8bae\u8bbe\u7f6e\uff1a<\/strong>\u53ef\u4ee5\u6839\u636e\u9700\u8981\u914d\u7f6e SSL \u534f\u8bae\u548c\u52a0\u5bc6\u5957\u4ef6\u3002\u4ee5\u4e0b\u662f\u4e00\u4e2a\u7b80\u5355\u7684\u793a\u4f8b\uff1a<\/p>\n\n\n\n \u5728\u8fd9\u4e2a\u793a\u4f8b\u4e2d\uff0c\u6211\u4eec\u542f\u7528\u4e86 TLS 1.2 \u548c TLS 1.3\uff0c\u5e76\u914d\u7f6e\u4e86\u4e00\u7ec4\u5b89\u5168\u7684\u52a0\u5bc6\u5957\u4ef6\u3002<\/p>\n\n\n\n \u91cd\u542f Nginx\uff1a<\/strong>\u5b8c\u6210\u914d\u7f6e\u540e\uff0c\u786e\u4fdd\u68c0\u67e5\u914d\u7f6e\u6587\u4ef6\u7684\u8bed\u6cd5\u662f\u5426\u6b63\u786e\uff0c\u7136\u540e\u91cd\u65b0\u52a0\u8f7d\u6216\u91cd\u542f Nginx \u670d\u52a1\u3002<\/p>\n\n\n\n nginx -t # \u68c0\u67e5\u914d\u7f6e\u6587\u4ef6\u8bed\u6cd5\u662f\u5426\u6b63\u786e<\/p>\n\n\n\n nginx -s reload # \u91cd\u65b0\u52a0\u8f7d Nginx \u914d\u7f6e<\/p>\n\n\n\n \u4ee5\u4e0a\u662f\u4e00\u4e2a\u57fa\u672c\u7684 SSL \u53cd\u5411\u4ee3\u7406\u914d\u7f6e\u793a\u4f8b\u3002\u6839\u636e\u60a8\u7684\u5177\u4f53\u9700\u6c42\u548c\u73af\u5883\uff0c\u53ef\u80fd\u9700\u8981\u8fdb\u884c\u8fdb\u4e00\u6b65\u7684\u914d\u7f6e\u8c03\u6574\u548c\u5b89\u5168\u52a0\u56fa\u3002<\/p>\n\n\n\n <\/p>\n","protected":false},"excerpt":{"rendered":" \u8981\u5728 Nginx \u4e2d\u914d\u7f6e SSL \u53cd\u5411\u4ee3\u7406\uff0c\u60a8\u9700\u8981\u8fdb\u884c\u4ee5\u4e0b\u6b65\u9aa4\uff1a \u83b7\u53d6 SSL \u8bc1\u4e66\uff1a\u9996\u5148\uff0c\u60a8\u9700\u8981\u83b7\u53d6\u6709\u6548\u7684 SSL \u8bc1\u4e66\u3002\u60a8\u53ef\u4ee5\u8d2d\u4e70\u4e00\u4e2a\u8bc1\u4e66\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u514d\u8d39\u7684\u8bc1\u4e66\uff0c\u5982 Let’s Encrypt\u3002 \u914d\u7f6e SSL \u8bc1\u4e66\uff1a\u5c06 SSL \u8bc1\u4e66\u548c\u79c1\u94a5\u6587\u4ef6\u5b58\u50a8\u5728\u670d\u52a1\u5668\u4e0a\uff0c\u5e76\u914d\u7f6e Nginx \u4f7f\u7528\u8fd9\u4e9b\u6587\u4ef6\u3002\u4ee5\u4e0b\u662f\u4e00\u4e2a\u7b80\u5355\u7684\u793a\u4f8b\u914d\u7f6e\uff1a \u5728\u8fd9\u4e2a\u914d\u7f6e\u4e2d\uff0clisten 443 ssl;\u8868\u793a\u76d1\u542c 443 \u7aef\u53e3\uff0c\u5e76\u542f\u7528 SSL\u3002server_name\u662f\u60a8\u7684\u57df\u540d\u3002ssl_certificate\u548cssl_certificate_key\u5206\u522b\u6307\u5411\u60a8\u7684 SSL \u8bc1\u4e66\u548c\u79c1\u94a5\u6587\u4ef6\u7684\u8def\u5f84\u3002 \u914d\u7f6e\u53cd\u5411\u4ee3\u7406\uff1a\u5728location \/\u5757\u5185\u914d\u7f6e\u60a8\u7684\u53cd\u5411\u4ee3\u7406\u3002\u5c06proxy_pass\u6307\u4ee4\u8bbe\u7f6e\u4e3a\u60a8\u8981\u4ee3\u7406\u7684\u76ee\u6807\u670d\u52a1\u5668\u7684\u5730\u5740\u3002\u60a8\u8fd8\u53ef\u4ee5\u8bbe\u7f6e\u5176\u4ed6\u4ee3\u7406\u76f8\u5173\u7684\u5934\u4fe1\u606f\uff0c\u5982proxy_set_header\u3002 \u542f\u7528 SSL \u534f\u8bae\u8bbe\u7f6e\uff1a\u53ef\u4ee5\u6839\u636e\u9700\u8981\u914d\u7f6e SSL \u534f\u8bae\u548c\u52a0\u5bc6\u5957\u4ef6\u3002\u4ee5\u4e0b\u662f\u4e00\u4e2a\u7b80\u5355\u7684\u793a\u4f8b\uff1a \u5728\u8fd9\u4e2a\u793a\u4f8b\u4e2d\uff0c\u6211\u4eec\u542f\u7528\u4e86 TLS 1.2 \u548c TLS 1.3\uff0c\u5e76\u914d\u7f6e\u4e86\u4e00\u7ec4\u5b89\u5168\u7684\u52a0\u5bc6\u5957\u4ef6\u3002 \u91cd\u542f Nginx\uff1a\u5b8c\u6210\u914d\u7f6e\u540e\uff0c\u786e\u4fdd\u68c0\u67e5\u914d\u7f6e\u6587\u4ef6\u7684\u8bed\u6cd5\u662f\u5426\u6b63\u786e\uff0c\u7136\u540e\u91cd\u65b0\u52a0\u8f7d\u6216\u91cd\u542f Nginx \u670d\u52a1\u3002 nginx -t # \u68c0\u67e5\u914d\u7f6e\u6587\u4ef6\u8bed\u6cd5\u662f\u5426\u6b63\u786e nginx -s reload # \u91cd\u65b0\u52a0\u8f7d Nginx \u914d\u7f6e \u4ee5\u4e0a\u662f\u4e00\u4e2a\u57fa\u672c\u7684 SSL […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-259","post","type-post","status-publish","format-standard","hentry","category-9"],"_links":{"self":[{"href":"https:\/\/opshub.com.cn\/index.php?rest_route=\/wp\/v2\/posts\/259","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/opshub.com.cn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/opshub.com.cn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/opshub.com.cn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/opshub.com.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=259"}],"version-history":[{"count":4,"href":"https:\/\/opshub.com.cn\/index.php?rest_route=\/wp\/v2\/posts\/259\/revisions"}],"predecessor-version":[{"id":264,"href":"https:\/\/opshub.com.cn\/index.php?rest_route=\/wp\/v2\/posts\/259\/revisions\/264"}],"wp:attachment":[{"href":"https:\/\/opshub.com.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=259"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/opshub.com.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=259"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/opshub.com.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=259"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}# \u76d1\u542c 80 \u7aef\u53e3\u7684 HTTP \u8bf7\u6c42\nserver {\n listen 80;\n # \u66ff\u6362\u4e3a\u4f60\u7684\u57df\u540d\uff0c\u591a\u4e2a\u57df\u540d\u53ef\u4ee5\u7528\u7a7a\u683c\u5206\u9694\uff08\u5982 server_name example.com www.example.com;\uff09\n server_name example.com www.example.com;\n\n # 301 \u6c38\u4e45\u91cd\u5b9a\u5411\u5230 HTTPS \u5730\u5740\uff08$host \u81ea\u52a8\u5339\u914d\u5f53\u524d\u57df\u540d\uff0c$request_uri \u4fdd\u7559\u8bf7\u6c42\u8def\u5f84\u548c\u53c2\u6570\uff09\n return 301 https:\/\/$host$request_uri;\n}<\/code><\/pre>\n\n\n\nserver {\n listen 443 ssl;\n server_name example.com www.example.com;\n\n ssl_certificate \/path\/to\/ssl_certificate.crt;\n ssl_certificate_key \/path\/to\/ssl_certificate_key.key;\n # 497 \u9519\u8bef \u2192 301 \u6c38\u4e45\u91cd\u5b9a\u5411\u5230 HTTPS\n error_page 497 =301 https:\/\/$http_host$request_uri;\n\n location \/ {\n root \/var\/www\/example;\n index index.html index.htm;\n try_files $uri $uri\/ \/index.html;\n }\n\n location \/b {\n proxy_pass http:\/\/backend_server_ip:backend_server_port;\n proxy_set_header Host $host;\n proxy_set_header X-Real-IP $remote_addr;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n proxy_set_header X-Forwarded-Proto https;\n }\n}<\/code><\/pre>\n\n\n\nssl_protocols TLSv1.2 TLSv1.3; # \u4ec5\u542f\u7528\u5b89\u5168\u7684 TLS \u7248\u672c\nssl_prefer_server_ciphers on;\nssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;\nssl_session_timeout 10m;\nssl_session_cache shared:SSL:10m;<\/code><\/pre>\n\n\n\n