腾讯云服务器配置https访问证书-nginx（极简）

博客位置:www.weixuehu.com

1.安装nginx

yum install openssl-devel nginx

依赖关系（y安装、d只下载、N不安装），选y便可
Is this ok [y/d/N]: y

若是出现Complete!安装完成

2.配置文件在/etc/nginx

3.从腾讯云官网申请证书并下载，以下图

 

4.建立一个文件夹ssl

cd /etc/nginx/
mkdir ssl

5.解压证书文件将Nginx中的文件上传到ssl目录下

6.在/etc/nginx/conf.d/这个目录下建立一个(自定义名称).conf文件，

cd /etc/nginx/conf.d/
vim weixuehu.conf

文件内容以下：

server{
      listen 80;    #表示监听80端口
      server_name weixuehu.com www.weixuehu.com;
      location / {    #将80端口强制转为https
          rewrite (.*) https://www.weixuehu.com$1 permanent;
      }
}
server
{
        listen 443 ssl;    #表示监听443端口即https
        server_name weixuehu.com www.weixuehu.com;
        ssl on;
        ssl_certificate /etc/nginx/ssl/1_www.weixuehu.com_bundle.crt;   #证书公钥文件路径
        ssl_certificate_key /etc/nginx/ssl/2_www.weixuehu.com.key;      #证书私钥文件路径
        ssl_session_timeout 5m;                                         #5分钟session会话保持
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;
        location / {    #跳转到实际应用
            proxy_pass http://127.0.0.1:9999;
            proxy_redirect   off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
    }
}

7.在配置weixuehu.conf文件时要注意本身的配置文件路径问题

配置文件参数    说明
listen 443        SSL访问端口号为443
ssl on            启用SSL功能
ssl_certificate    证书文件
ssl_certificate_key    私钥文件
ssl_protocols    使用的协议
ssl_ciphers        配置加密套件，写法遵循openssl标准

8.启动nginx,若是没有错误信息则表示启动成功

service nginx start
或
service nginx restart

我在启动的时候报了如下错误（发现是个人加密文件放错位置了，别的问题也会报这个提示）：
 

Redirecting to /bin/systemctl restart  nginx.service
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.

根据提示运行命令：

systemctl status nginx.service

报错信息
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Mon 2018-11-05 14:53:32 CST; 21s ago
  Process: 5999 ExecStart=/usr/sbin/nginx (code=exited, status=1/FAILURE)
  Process: 9023 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE)
  Process: 9022 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)

Nov 05 14:53:32 VM_0_15_centos systemd[1]: Starting The nginx HTTP and reverse proxy server...
Nov 05 14:53:32 VM_0_15_centos nginx[9023]: nginx: [emerg] BIO_new_file("/etc/nginx/1_www.weixuehu.com_bundle.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fop...:no such file)
Nov 05 14:53:32 VM_0_15_centos nginx[9023]: nginx: configuration file /etc/nginx/nginx.conf test failed
Nov 05 14:53:32 VM_0_15_centos systemd[1]: nginx.service: control process exited, code=exited status=1
Nov 05 14:53:32 VM_0_15_centos systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
Nov 05 14:53:32 VM_0_15_centos systemd[1]: Unit nginx.service entered failed state.
Nov 05 14:53:32 VM_0_15_centos systemd[1]: nginx.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

9.最后使用https访问一下是否成功