ubuntu
1、安装nginx
# 更新软件包列表
sudo apt update
# 安装Nginx
sudo apt install nginx -y
# 检查Nginx状态
sudo systemctl status nginx
2、创建存放域名 SSL证书的目录
# 创建目录
sudo mkdir -p /etc/nginx/ssl
# 复制证书文件到该目录
sudo cp play.cn_bundle.crt /etc/nginx/ssl/
sudo cp play.cn.key /etc/nginx/ssl/
# 设置证书文件权限
sudo chmod 600 /etc/nginx/ssl/*
sudo chown root:root /etc/nginx/ssl/*
3、创建Nginx配置文件:
vim /etc/nginx/sites-available/aidjzs.conf
server {
listen 80;
listen [::]:80;
server_name a域名.cn;
# 将HTTP重定向到HTTPS
location / {
return 301 https://$host:8089$request_uri;
}
}
server {
listen 8089 ssl;
listen [::]:8089 ssl;
server_name a域名.cn;
# SSL证书配置
ssl_certificate /etc/nginx/ssl/play.cn_bundle.crt;
ssl_certificate_key /etc/nginx/ssl/play.cn.key;
# SSL配置优化
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# 反向代理配置
location / {
proxy_pass https://服务器内网ip:8089;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
4、创建符号链接启用配置:
sudo ln -s /etc/nginx/sites-available/aidjzs.conf /etc/nginx/sites-enabled/
5、打开防火墙
# 允许HTTP(80)和自定义端口(8089)
sudo ufw allow 80
sudo ufw allow 8089
6、检测配置、重启
# 测试Nginx配置
sudo nginx -t
# 如果测试通过,重启Nginx
sudo systemctl restart nginx