（1）https介绍

http不安全：传输数据被中间人盗用，信息泄露;数据内容劫持篡改
https作用：使网站可信，防劫持，防篡改，防监听

（2）nginx的https配置

1.向阿里云或腾讯云申请免费的数字证书,免费的只能绑定一个主机地址，如果想申请DV通配型的需要收费（*.baidu.com）
腾讯云：https://cloud.tencent.com/document/product/400/4143 需要做域名可信按照提示操作
2.环境检测

# openssl version ??????//ssl版本必须是1.0.2OpenSSL 1.0.2k-fips ?26 Jan 2017# nginx -V ?????????????//必须要有ssl模块

3.创建目录和上传证书

mkdir /nginx/cert -pv # ll /nginx/cert -rw-r--r--. 1 root root ?3676 4月 ??3 11:26 1_www.wwang.xyz_bundle.crt-rw-r--r--. 1 root root ?1700 4月 ??3 11:26 2_www.wwang.xyz.key

4.修改nginx配置文件

#vim /usr/local/nginx/conf/nginx.conf ?server { ???????listen 443; ???????server_name www.wwang.xyz; ???????ssl on; ???????ssl_certificate /nginx/cert/1_www.wwang.xyz_bundle.crt; ???????ssl_certificate_key /nginx/cert/2_www.wwang.xyz.key; ???????ssl_session_timeout 5m; ???????ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ???????ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ???????ssl_prefer_server_ciphers on; ???????location / { ???????????????proxy_pass http://192.9.191.31:8001; ???????????????} ???????}

5.参数详解

listen 443 ?????????????????????????????????????????//SSL访问端口号为443ssl on ?????????????????????????????????????????????//启用SSL功能ssl_certificate ????????????????????????????????????//证书文件ssl_certificate_key ????????????????????????????????//私钥文件ssl_protocols ??????????????????????????????????????//使用的协议ssl_ciphers ????????????????????????????????????????//配置加密套件，写法遵循openssl标准

6.防火墙配置和重新加载nginx

iptables -I INPUT 1 -p tcp ?--dport 443 -j ACCEPTservice iptables savenginx -t nginx -s reload 

7.验证

8.苹果ats检测，满足苹果https需求

检测地址：https://cloud.tencent.com/product/ssl

（3）http301跳转https

需求：访问http://www.wwang.xyz 301跳转到https://www.wwang.xyz
1.nginx配置

#vim /usr/local/nginx/conf/nginx.conf server { ???????listen 80; ???????server_name www.wwang.xyz; ???????rewrite ^(.*) https://www.wwang.xyz/$1 permanent; ???????}

2.重新加载

nginx -t nginx -s reload 

3.验证

nginx https

原文地址：https://www.cnblogs.com/lovelinux199075/p/9065178.html