这里记录一下Centos6系统上的nginx配置方法。这里我使用 letsencrypt 提供的免费证书,首先访问https://certbot.eff.org/,然后根据你的实际情况选择webserver和操作系统,这里为了通用性,我选择“Unspecified Webserver on Other UNIX”。
Automatically use a temporary webserver (standalone)
然后根据提示一步步的填写邮箱、域名(多个之间使用逗号或者空格分割)后看见下面的提示就代表成功了:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/xxx.com/fullchain.pem. Your cert will expire on 2016-09-21\. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again. To non-interactively renew *all* of your certificates, run "certbot-auto renew" - If you lose your account credentials, you can recover through e-mails sent to xxxx@xxx.com. - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
紧接着编辑nginx的配置文件:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
server { listen 80 default; server_name _; rewrite ^(.*) https://dear-shen.com/ permanent; } server { listen 443 ssl; server_name dear-shen.com www.dear-shen.com;