{"id":18078,"date":"2024-11-18T17:08:46","date_gmt":"2024-11-18T09:08:46","guid":{"rendered":"https:\/\/fwq.ai\/blog\/18078\/"},"modified":"2024-11-18T17:08:46","modified_gmt":"2024-11-18T09:08:46","slug":"nginx%e6%80%8e%e4%b9%88%e8%ae%be%e7%bd%aessl","status":"publish","type":"post","link":"https:\/\/fwq.ai\/blog\/18078\/","title":{"rendered":"nginx\u600e\u4e48\u8bbe\u7f6essl"},"content":{"rendered":"

\n \u8981\u4f7f\u7528 nginx \u8bbe\u7f6e ssl\uff0c\u9700\uff1a\u83b7\u53d6 ssl \u8bc1\u4e66\u3002\u521b\u5efa nginx \u914d\u7f6e\u6587\u4ef6\uff0c\u6307\u5b9a\u8bc1\u4e66\u8def\u5f84\u3002\u542f\u7528 ssl\u3002\u6dfb\u52a0\u670d\u52a1\u5668\u540d\u79f0\u3002\u91cd\u542f nginx\u3002\n<\/p><\/blockquote>\n

\"nginx\u600e\u4e48\u8bbe\u7f6essl\u63d2\u56fe\"<\/p>\n

\u5982\u4f55\u4f7f\u7528 Nginx \u8bbe\u7f6e SSL<\/strong><\/p>\n

\u8981\u4f7f\u7528 Nginx \u8bbe\u7f6e SSL\uff0c\u60a8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u6b65\u9aa4\uff1a<\/p>\n

1. \u83b7\u53d6 SSL \u8bc1\u4e66<\/strong>
\u60a8\u9700\u8981\u4ece\u8bc1\u4e66\u9881\u53d1\u673a\u6784 (CA) \u8d2d\u4e70\u6216\u83b7\u53d6\u514d\u8d39\u7684 SSL \u8bc1\u4e66\u3002<\/p>\n

2. \u521b\u5efa Nginx \u914d\u7f6e\u6587\u4ef6<\/strong>
\u4f7f\u7528\u6587\u672c\u7f16\u8f91\u5668\u521b\u5efa\u4e00\u4e2a\u65b0\u7684 Nginx \u914d\u7f6e\u6587\u4ef6\uff0c\u4f8b\u5982 “example.conf”:<\/p>\n

server {\n    listen 443 ssl;\n    server_name example.com;\n    ssl_certificate \/path\/to\/certificate.crt;\n    ssl_certificate_key \/path\/to\/certificate.key;\n}<\/pre>\n
 \u767b\u5f55\u540e\u590d\u5236 <\/p>\n
3. \u8bbe\u7f6e\u8bc1\u4e66\u8def\u5f84<\/strong>
\u5c06 “certificate.crt” \u548c “certificate.key” \u66ff\u6362\u4e3a SSL \u8bc1\u4e66\u548c\u79c1\u94a5\u7684\u5b9e\u9645\u8def\u5f84\u3002<\/p>\n
4. \u542f\u7528 SSL<\/strong>
\u5c06 “listen 443 ssl;” \u884c\u6dfb\u52a0\u5230\u914d\u7f6e\u6587\u4ef6\u4e2d\u4ee5\u542f\u7528 SSL\u3002<\/p>\n
5. \u6dfb\u52a0\u670d\u52a1\u5668\u540d\u79f0<\/strong>
\u5c06 “server_name example.com;” \u66ff\u6362\u4e3a\u60a8\u7684\u57df\u540d\u3002<\/p>\n
6. \u91cd\u542f Nginx<\/strong>
\u8981\u4f7f\u66f4\u6539\u751f\u6548\uff0c\u8bf7\u91cd\u65b0\u542f\u52a8 Nginx \u8fdb\u7a0b\u3002<\/p>\n
\u9644\u52a0\u9009\u9879<\/strong><\/p>\n
    \n
  • \n
    \u91cd\u5b9a\u5411 HTTP \u5230 HTTPS\uff1a<\/strong><\/p>\n
    server {\n  listen 80;\n  server_name example.com;\n  return 301 https:\/\/$server_name$request_uri;\n}<\/pre>\n
     \u767b\u5f55\u540e\u590d\u5236 <\/li>\n
  • \n
    \u652f\u6301\u591a\u4e2a\u57df\u540d\uff1a<\/strong><\/p>\n
    server {\n  listen 443 ssl;\n  server_name example.com www.example.com;\n  ...\n}<\/pre>\n
     \u767b\u5f55\u540e\u590d\u5236 <\/li>\n
  • \n
    \u4f7f\u7528 LetsEncrypt \u83b7\u53d6\u514d\u8d39 SSL \u8bc1\u4e66\uff1a<\/strong><\/p>\n
    sudo apt-get install certbot python3-certbot-nginx\ncertbot --nginx<\/pre>\n
     \u767b\u5f55\u540e\u590d\u5236 <\/li>\n
  • \n
    \u542f\u7528 HSTS\uff1a<\/strong><\/p>\n
    add_header Strict-Transport-Security \"max-age=31536000\"; # \u542f\u7528 HSTS<\/pre>\n
     \u767b\u5f55\u540e\u590d\u5236 <\/li>\n<\/ul>\n
    \u4ee5\u4e0a\u5c31\u662f\u600e\u4e48\u8bbe\u7f6essl\u7684\u8be6\u7ec6\u5185\u5bb9\uff0c\u66f4\u591a\u8bf7\u5173\u6ce8\u7c73\u4e91\u5176\u5b83\u76f8\u5173\u6587\u7ae0\uff01<\/p>\n","protected":false},"excerpt":{"rendered":"
    \u8981\u4f7f\u7528 nginx \u8bbe\u7f6e ssl\uff0c\u9700\uff1a\u83b7\u53d6 ssl \u8bc1\u4e66\u3002\u521b\u5efa nginx \u914d\u7f6e\u6587\u4ef6\uff0c\u6307\u5b9a\u8bc1\u4e66\u8def\u5f84\u3002\u542f\u7528 ssl\u3002\u6dfb\u52a0\u670d\u52a1\u5668\u540d\u79f0\u3002\u91cd\u542f nginx\u3002 \u5982\u4f55\u4f7f\u7528 Nginx \u8bbe\u7f6e SSL \u8981\u4f7f\u7528 Nginx \u8bbe\u7f6e SSL\uff0c\u60a8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u6b65\u9aa4\uff1a 1. \u83b7\u53d6 SSL \u8bc1\u4e66\u60a8\u9700\u8981\u4ece\u8bc1\u4e66\u9881\u53d1\u673a\u6784 (CA) \u8d2d\u4e70\u6216\u83b7\u53d6\u514d\u8d39\u7684 SSL \u8bc1\u4e66\u3002 2. \u521b\u5efa Nginx \u914d\u7f6e\u6587\u4ef6\u4f7f\u7528\u6587\u672c\u7f16\u8f91\u5668\u521b\u5efa\u4e00\u4e2a\u65b0\u7684 Nginx \u914d\u7f6e\u6587\u4ef6\uff0c\u4f8b\u5982 “example.conf”: server { listen 443 ssl; server_name example.com; ssl_certificate \/path\/to\/certificate.crt; ssl_certificate_key \/path\/to\/certificate.key; } \u767b\u5f55\u540e\u590d\u5236 3. \u8bbe\u7f6e\u8bc1\u4e66\u8def\u5f84\u5c06 “certificate.crt” \u548c “certificate.key” \u66ff\u6362\u4e3a SSL \u8bc1\u4e66\u548c\u79c1\u94a5\u7684\u5b9e\u9645\u8def\u5f84\u3002 4. […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":["post-18078","post","type-post","status-publish","format-standard","hentry","category-os"],"_links":{"self":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts\/18078","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/comments?post=18078"}],"version-history":[{"count":0,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts\/18078\/revisions"}],"wp:attachment":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/media?parent=18078"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/categories?post=18078"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/tags?post=18078"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}