爲了網站的安全,是時候加上 https 了。https 須要申請證書, 能夠選擇付費(阿里雲),免費(騰訊雲,阿里雲),固然選擇免費版了,下面介紹一種方便的免費證書配置方法Let’s Encrypt:nginx
域名+服務器+nginx(下面以 ubuntu 爲例子)web
$ sudo apt-get install certbot
$ sudo service nginx stop $ sudo certbot certonly --webroot -w webroot-path -d www.domain.com
server { listen 443 ssl http2; server_name www.domain.com; charset utf-8; ssl on; ssl_certificate /etc/letsencrypt/live/www.domain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.domain.com/privkey.pem; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL; ssl_prefer_server_ciphers on; ... }
www.domain.com
對應替換成本身的域名ubuntu
Let’s Encrypt 證書有效期爲 3 個月,須要手動更新瀏覽器
$ sudo service nginx stop $ sudo certbot renew $ sudo service nginx start
也能夠將命令貼到腳本中 crontab 執行安全
瀏覽器訪問 https://www.domain.com, 出現小綠鎖就表明配置成功了