Notes on installing an HTTPS certificate
Download the certificate
I use the Alibaba Cloud free personal edition, valid for one year.
```
~/Downloads ❯❯❯ cd 3713633_www.yangtao.site_nginx/
~/D/3713633_www.yangtao.site_nginx ❯❯❯ ls
3713633_www.yangtao.site.key 3713633_www.yangtao.site.pem
~/D/3713633_www.yangtao.site_nginx ❯❯❯ scp 3713633_www.yangtao.site.key 3713633_www.yangtao.site.pem root@47.101.33.81:/usr/local/nginx/cert/
root@47.101.33.81's password:
Permission denied, please try again.
root@47.101.33.81's password:
3713633_www.yangtao.site.key 100% 1675 88.9KB/s 00:00
3713633_www.yangtao.site.pem 100% 3675 274.2KB/s 00:00
~/D/3713633_www.yangtao.site_nginx ❯❯❯
```

```
root@istaotao:/usr/local/nginx/cert
3713633_www.yangtao.site.key 3713633_www.yangtao.site.pem
```
Modify the configuration
Modify the nginx.conf file as described by the comments in the following:
```nginx
server {
    listen 443 ssl;
    server_name localhost;
    root html;
    index index.html index.htm;
    # "domain name" is a placeholder: use the name of the uploaded certificate files
    ssl_certificate cert/domain name.pem;
    ssl_certificate_key cert/domain name.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them unless legacy clients require them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    location / {
        root html;
        index index.html index.htm;
    }
}
```
Forcing HTTP to redirect
Using the curl command:
```
~ ❯❯❯ curl baidu.com -v
* Trying 220.181.38.148...
* TCP_NODELAY set
* Connected to baidu.com (220.181.38.148) port 80 (
> GET / HTTP/1.1
> Host: baidu.com
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Sat, 04 Apr 2020 16:33:35 GMT
< Server: Apache
< Last-Modified: Tue, 12 Jan 2010 13:48:00 GMT
< ETag: "51-47cf7e6ee8400"
< Accept-Ranges: bytes
< Content-Length: 81
< Cache-Control: max-age=86400
< Expires: Sun, 05 Apr 2020 16:33:35 GMT
< Connection: Keep-Alive
< Content-Type: text/html
<
<html>
<meta http-equiv="refresh" content="0;url=http://www.baidu.com/">
</html>
* Connection
* Closing connection 0
~ ❯❯❯
```
As you can see, Baidu cleverly uses the meta refresh mechanism to redirect baidu.com to www.baidu.com.
In the same way, we can use this feature to redirect HTTP to HTTPS.
```html
<!-- index.html -->
<html>
<meta http-equiv="refresh" content="0;url=https://www.yangtao.site/" />
</html>
```

```nginx
server {
    listen 80;
    server_name yangtao.site;

    location / {
        root /var/www/html/refresh/;
    }
}
```
Testing yangtao.site:
```
~ ❯❯❯ curl yangtao.site -v
* Trying 47.101.33.81...
* TCP_NODELAY set
* Connected to yangtao.site (47.101.33.81) port 80 (
> GET / HTTP/1.1
> Host: yangtao.site
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx/1.14.0 (Ubuntu)
< Date: Sat, 04 Apr 2020 16:34:16 GMT
< Content-Type: text/html
< Content-Length: 91
< Last-Modified: Sat, 04 Apr 2020 16:04:03 GMT
< Connection: keep-alive
< ETag: "5e88aff3-5b"
< Accept-Ranges: bytes
<
<html>
<meta http-equiv="refresh" content="0;url=https://www.yangtao.site/">
</html>
* Connection
* Closing connection 0
```
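For comparison with the meta refresh approach above, here is a redirect issued by nginx itself in the HTTP response; this is an added example, not the author's configuration. The 301 status, the HSTS header, the TLSv1.2-only protocol list and handling both host names on port 80 are assumptions; the certificate paths are the files uploaded earlier on this page.

```nginx
# Added example, not the author's configuration.
# Port 80: answer every request with a redirect in the HTTP response itself,
# so no HTML body is served over plaintext and clients that do not parse
# HTML (curl -L, API clients, crawlers) follow it too.
server {
    listen 80;
    server_name yangtao.site www.yangtao.site;   # assumption: both names redirect

    # $request_uri keeps the original path and query string
    return 301 https://www.yangtao.site$request_uri;
}

# Port 443: the TLS server block, using the certificate files copied with scp.
server {
    listen 443 ssl;
    server_name www.yangtao.site;

    ssl_certificate     /usr/local/nginx/cert/3713633_www.yangtao.site.pem;
    ssl_certificate_key /usr/local/nginx/cert/3713633_www.yangtao.site.key;
    ssl_protocols       TLSv1.2;                 # assumption: no legacy TLS clients

    # Assumption: every page on this host is meant to be HTTPS-only.
    # HSTS tells browsers to skip the plaintext request on later visits.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        root  html;
        index index.html index.htm;
    }
}
```

With this in place, `curl yangtao.site -v` would show `HTTP/1.1 301 Moved Permanently` with a `Location:` header instead of a 200 response carrying an HTML body.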