Adding a Free HTTPS SSL Certificate to a Website

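This is based on Alibaba Cloud's Cloud Shield certificate service. The system is CentOS 6.8 and the web server is nginx 1.8.0. Below is a brief record of the pitfalls encountered.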

Applying for the certificate

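  1. Log in to the Alibaba Cloud console → Security (Cloud Shield) → Certificate Service → Purchase Certificate (https://common-buy.aliyun.com/?spm=5176.2020520163.cas.1.zTLyhO&commodityCode=cas#/buy)
  2. After completing the purchase, fill in the remaining information: the domain information and your own details. Pay attention to the domain verification step: if the "certificate binding..." option is not checked, you need to add a TXT record in the domain's DNS settings.
  3. For the upload step, choose to have the system generate the CSR, click Create, and then submit for review.
  4. Once the review passes, you can download the certificate and upload it to the website. The configuration is described below.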

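Configuring SSL

The certificate can be placed anywhere. Here it is placed in an ssl directory under the nginx configuration directory (the ssl directory has to be created).
Edit the configuration file:
vim blog_ssl.conf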

server {
    listen      80;
    server_name domainname;
    # Redirect all plain-HTTP requests to HTTPS
    return      301 https://$server_name$request_uri;
}
server
{
    listen 443;
    server_name domainname;
    # Enables TLS for this server block (nginx 1.8.0 syntax; later releases deprecate it in favour of "listen 443 ssl;")
    ssl on;
    index index.html index.htm index.php;
    root /path/to/webroot;
    # Private key and certificate downloaded from the certificate service
    ssl_certificate_key  /sslpath/214091409160173.key;
    ssl_certificate      /sslpath/214091409160173.pem;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them unless legacy clients need them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    location / {
        # if (!-e $request_filename){
        #   rewrite ^/(.*) /index.php last;
        # }
        root  /path/to/webroot/subdir/web;
        try_files  $uri subdir/web/index.php?$args;

        # avoiding processing of calls to non-existing static files by Yii
        location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
            access_log  off;
            expires  360d;

            try_files  $uri =404;
        }
    }
    location /admin {
        alias  /path/to/webroot/backend/web;

        rewrite  ^(/admin)/$ $1 permanent;
        try_files  $uri /backend/web/index.php?$args;
    }
    # avoiding processing of calls to non-existing static files by Yii
    location ~ ^/admin/(.+\.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar))$ {
        access_log  off;
        expires  360d;

        rewrite  ^/admin/(.+)$ /backend/web/$1 break;
        rewrite  ^/admin/(.+)/(.+)$ /backend/web/$1/$2 break;
        try_files  $uri =404;
    }
    # Hand PHP requests to the FastCGI backend
    location ~ \.php$ {
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        #fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }
    # Block the Yii requirements checker
    location = /requirements.php {
        deny all;
    }

    # Block .ht*, .svn and .git paths
    location ~ \.(ht|svn|git) {
        deny all;
    }
}

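Save the file, then run sbin/nginx -t to check the configuration.
If it reports nginx: [emerg] unknown directive "ssl", the ssl module was not compiled into nginx. Go to the nginx source directory and rebuild nginx with --with-http_ssl_module added. Run make, but do not run make install afterwards, otherwise it will overwrite the existing installation. Then copy the new executable over the previous nginx executable: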

#cp -rfp objs/nginx /app/local/nginx/sbin/nginx

Then restart nginx.
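The rebuild above only gives an equivalent binary if ./configure is run with the arguments the installed nginx was originally built with, plus --with-http_ssl_module. The following is an added example, not part of the original post: it reads those arguments from `nginx -V` output and prints the rebuild sequence. The function names are hypothetical, the sample `nginx -V` text is constructed, and the backup copy step is an addition to the post's procedure.

```shell
#!/bin/sh
# Added example. SAMPLE_NGINX_V is constructed; real text comes from
# `/app/local/nginx/sbin/nginx -V 2>&1` (nginx prints it on stderr).
SAMPLE_NGINX_V='nginx version: nginx/1.8.0
configure arguments: --prefix=/app/local/nginx --with-http_stub_status_module'

# Succeeds when the `nginx -V` text in $1 lists the SSL module.
has_ssl_module() {
    printf '%s\n' "$1" | grep -q -- '--with-http_ssl_module'
}

# Prints the configure arguments the installed binary was built with.
configure_args() {
    printf '%s\n' "$1" | sed -n 's/^configure arguments: *//p'
}

# Prints the ./configure line for the rebuild: every existing argument is
# kept, and --with-http_ssl_module is appended only if it is missing.
rebuild_command() {
    args=$(configure_args "$1")
    if has_ssl_module "$1"; then
        printf './configure%s\n' "${args:+ $args}"
    else
        printf './configure%s --with-http_ssl_module\n' "${args:+ $args}"
    fi
}

# Prints the whole sequence from the post for the binary path in $2
# (make without make install), with a backup of the old binary added
# before it is overwritten.
rebuild_plan() {
    rebuild_command "$1"
    printf 'make\n'
    printf 'cp -p %s %s.bak\n' "$2" "$2"
    printf 'cp -rfp objs/nginx %s\n' "$2"
    printf '%s -t\n' "$2"
}

rebuild_plan "$SAMPLE_NGINX_V" /app/local/nginx/sbin/nginx
```
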

Verifying the configuration
