在服务器上正确配置域名https证书（ssl）及为什么不推荐使用宝塔申请免费ssl证书_宝塔 ssl 区别

作者：小舞很执着 | 2024-08-21 10:58:34

踩

宝塔 ssl 区别

无宝塔

申请证书（我这里举阿里云申请到的例子）

配置文件的位置
一般在

/usr/local/nginx/conf/vhost
或
/www/server/nginx/conf
或
/www/server/panel/vhost/nginx
1
2
3
4
5

或者
在这里插入图片描述

里面有个证书路径，换掉就行，主域名和子域名配置好像有所不同

以wx.youjia66.com为例，配置信息如下

	server {
	    listen      443 ssl;
	    client_header_timeout 30s;
	    deny 100.100.0.31;
	    server_name wx.youjia66.com;
	    root   /site/weiqin;
	    ssl    on;
	    # 证书路径
	    ssl_certificate   /etc/nginx/cert/youjia.com/youjia66.com.pem;
	    ssl_certificate_key  /etc/nginx/cert/youjia.com/youjia66.com.key;
	    ssl_session_timeout 5m;
	    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
	    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	    ssl_prefer_server_ciphers on; 
	    access_log /var/log/nginx/access_wx.youjia.com.log main;
	    error_log /var/log/nginx/error_wx.youjia.com.cn.log;
	    index index.php  index.html index.htm;
	    fastcgi_intercept_errors on;
	    error_page  404              /public/error.html;
	    client_max_body_size     10m;  
	
	    location / {
	        index index.php index.html;
	        if (!-e $request_filename) {
	            rewrite  ^(.*)$  /index.php?s=$1  last;
	            break;
	        }
	    }
	
	    location ~ .*\.(svn|git|log|pem) {
	        return 404;
	    }
	    add_header X-Frame-Options SAMEORIGIN;
	
	    location ~ \.php {
	        fastcgi_pass   127.0.0.1:9000;
	        fastcgi_index  index.php;
	        fastcgi_split_path_info ^(.+\.php)(.*)$;
	        fastcgi_param  PATH_INFO $fastcgi_path_info;
	        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
	        include        fastcgi_params;
	    }
	
	    location ~ ^/(static|data|upload|images|javascript|js|css|flash|media)/ {
	        expires 30d;
	    }
	
	    location ~ ^/(application|system|captcha|session)/ {
	        deny all;
	        return 404;
	    }
	
	    location ~.*\.(js|css|png|jpg)$ {
	        expires    3d;
	    }
	
	    location ~ /\.ht {
	        deny  all;
	    }
	}
	server {
	    listen 80;
	    server_name wx.youjia66.com;
	    rewrite ^(.*)$ https://$host$1 permanent;
	}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

以www.dian68.net为例，配置信息如下

	server {
	    listen      443 ssl default_server;
	    if ($http_host = dian68.net) {
	        rewrite ^(.*)$ https://www.dian68.net$1 permanent;
	    }
	
	    client_header_timeout 30s;
	    deny 100.100.0.31;
	    server_name dian68.net www.dian68.net;
	    root   /site/weiqin;
	    ssl    on;
	    ssl_certificate   /etc/nginx/cert/dian68.net/dian68.net.pem;
	    ssl_certificate_key  /etc/nginx/cert/dian68.net/dian68.net.key;
	    ssl_session_timeout 5m;
	    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
	    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	    ssl_prefer_server_ciphers on; 
	    access_log /var/log/nginx/access_www.dian68.net.log main;
	    error_log /var/log/nginx/error_www.dian68.net.log;
	    index index.php  index.html index.htm;
	    fastcgi_intercept_errors on;
	    error_page  404              /public/error.html;
	    client_max_body_size     10m;  
	
	    location / {
	        index index.php index.html;
	        if (!-e $request_filename) {
	            rewrite  ^(.*)$  /index.php?s=$1  last;
	            break;
	        }
	    }
	
	    location ~ .*\.(svn|git|log|pem) {
	        return 404;
	    }
	    add_header X-Frame-Options SAMEORIGIN;
	
	    location ~ \.php {
	        fastcgi_pass   127.0.0.1:9000;
	        # fastcgi_pass   unix:/var/run/php-fpm/php72-fpm.sock;
	        fastcgi_split_path_info ^(.+\.php)(.*)$;
	        fastcgi_param  PATH_INFO $fastcgi_path_info;
	        include        fastcgi_params;
	        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
	        proxy_cache cache_one;
	    }
	
	    location ~ ^/(static|data|upload|images|javascript|js|css|flash|media)/ {
	        expires 30d;
	    }
	
	    location ~ ^/(application|system|captcha|session)/ {
	        deny all;
	        return 404;
	    }
	
	    location ~.*\.(js|css|png|jpg)$ {
	        expires    3d;
	    }
	
	    location ~ /\.ht {
	        deny  all;
	    }
	}

	server {
	    listen 80 default_server;
	    server_name dian68.net www.dian68.net;
	    if ($http_host = dian68.net) {
	        rewrite ^(.*)$ https://www.dian68.net$1 permanent;
	    }
	    if ($http_host = www.dian68.net) {
	        rewrite ^(.*)$ https://www.dian68.net$1 permanent;
	    }
	    return 403;
	    #rewrite ^(.*)$ https://$host$1 permanent;
	}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

注意

修改证书后，需要重载nginx配置，不然不会生效（之前就在这里跌了大坑，客户找我说怎么没有效果）

去服务器依次输入下列命令重载nginx配置：
nginx -t
nginx -s reload
1
2
3

有宝塔

有宝塔就简单很多了，直接申请，部署

注意：虽然简单，但是我还是推荐去使用阿里云ssl证书，宝塔的证书总是会存在各种未知问题，有些地方好像并不承认宝塔的ssl证书，之前我小程序开发就遇到，老式安卓手机前端无法调起接口，听同事说好像还有一些支付调用也是用不了，出问题了就欲哭无泪了

在这里插入图片描述

如果您觉得本篇对你有帮助,可以点关注,给个赞,支持一下,过程有遇到什么问题也欢迎评论私信,进行交流

声明：本文内容由网友自发贡献，不代表【wpsshop博客】立场，版权归原作者所有，本站不承担相应法律责任。如您发现有侵权的内容，请联系我们。转载请注明出处：https://www.wpsshop.cn/w/小舞很执着/article/detail/1011487