阅读量:98
在Debian上为Nginx设置SSL证书的步骤如下:
安装和准备
- 安装Nginx:
sudo apt update
sudo apt install nginx
- 生成或获取SSL证书:
- 使用Let’s Encrypt免费获取证书:
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d your_domain.com -d www.your_domain.com
配置Nginx反向代理
- 创建或编辑Nginx配置文件:
sudo nano /etc/nginx/sites-available/example.com
- 设置反向代理配置:
server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;
# Redirect all HTTP requests to HTTPS
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name example.com www.example.com;
# SSL configuration
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
# Proxy pass configuration
location / {
proxy_pass http://127.0.0.1:8080; # 修改为您的后端服务端口
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
- 启用配置并重启Nginx:
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
测试与验证
- 测试HTTPS访问:
通过浏览器访问 https://example.com,确保页面加载正常,且通过HTTPS进行访问。
- 验证SSL/TLS:
使用 curl 或其他工具测试SSL配置是否正确:
curl -I https://example.com
确保返回的头信息中显示HTTP状态为200 OK,并且SSL连接正常。