CentOS 7.4nginx配置SSL

1、在/etc/nginx/conf.d目錄下建立虛擬主機配置文件

server {
    listen       80;
    server_name  www.xx.com xx.com;
    return 301 https://$server_name$request_uri;
}
server { 
       listen       443; 
       server_name  www.xx.com xx.com; 
       ssl                  on; 
       ssl_certificate      /www/xx.com/ssl/xx.com-ca-bundle.crt;
       ssl_certificate_key      /www/xx.com/ssl/xx.com.key;
       ssl_session_timeout  5m; 
       ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
       ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;

       ssl_prefer_server_ciphers   on; 
       location / { 
           root   /www/xx.com/www/www; 
           index  index.html index.htm; 
       } 
}

 2、查看443端口是否打開

　　firewall-cmd --zone=public --list-ports

3、若是沒有打開增長443端口

　　firewall-cmd --zone=public --add-port=443/tcp --permanent

4、從新載入防火牆

　　firewall-cmd --reload