下载证书

下服务器类型为Nginx

找到nginx目录

1
nginx-t
1
2
3
[root@iZuf6d53boij0t1izav38kZ ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

创建cert目录

在nginx.conf的上一级目录nginx下创建一个用于存放证书的目录。

1
mkdir cert

上传两个证书文件

将证书文件和私钥文件上传到Nginx服务器的证书目录
在终端上面的文件>打开文件树可以打开服务器的目录,里面找到文件夹,右键可以上传文件

修改nginx.cong

发现里面自带443的配置,被注释掉了

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
server {
        listen       80;
        listen       [::]:80;
        server_name  www.wcy.ink;
        root         /home/blog;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2;
#        listen       [::]:443 ssl http2;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

修改后如下,注意ssl_certificate "cert/www.wcy.ink.pem";要改成.crt
在nginx.conf文件中server {}代码段后面,再写上http的server{},加上 rewrite ^(.*)$ https://$host$1;能设置HTTP请求自动跳转HTTPS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
server {
        listen       443 ssl ;
        listen       [::]:443 ssl ;
        server_name  www.wcy.ink;
        root         /home/blog;

        ssl_certificate "cert/www.wcy.ink.pem";
        ssl_certificate_key "cert/www.wcy.ink.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  5m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }
server {

        listen       80;
        listen       [::]:80;
        server_name  www.wcy.ink;
        root         /home/blog;
        rewrite ^(.*)$ https://$host$1;
        # Load configuration files for the default server block.

        include /etc/nginx/default.d/*.conf;
        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }

重启nginx服务

1
systemctl restart nginx.service