Ubuntu Study Notes 6: nginx HTTPS configuration procedure

Tencent Cloud Ubuntu 22.04 nginx HTTPS configuration procedure

1. To configure HTTPS for Nginx on Ubuntu 22.04, follow these steps:

Install Nginx:

sudo apt update

sudo apt install nginx

Install the Certbot tool:

sudo apt install certbot

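Obtain the SSL certificate:

Use Certbot to obtain the SSL certificate. With certonly, Certbot issues the certificate but does not edit the Nginx configuration; that is done by hand in the next step. Make sure your domain already resolves to your server's IP address. The --nginx option needs the Certbot nginx plugin; see item 2 if Certbot reports it as missing.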

sudo certbot certonly --nginx

Follow the prompts to enter your email address and agree to the terms, then select the domain to obtain a certificate for.

Configure Nginx to use the SSL certificate:

Open Nginx's default site configuration file for editing:

sudo nano /etc/nginx/sites-available/default

Add the following directives inside the server block to enable SSL, replacing the certificate and key file paths with the actual paths generated by Certbot:

listen 443 ssl;

ssl_certificate /etc/letsencrypt/live/your_domain/fullchain.pem;

ssl_certificate_key /etc/letsencrypt/live/your_domain/privkey.pem;

ssl_protocols TLSv1.3;

Replace your_domain with your domain name.

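Configure Nginx to redirect HTTP traffic to HTTPS:

Add the following server block to redirect HTTP requests to HTTPS automatically. It is a separate server block for port 80 and sits alongside the HTTPS server block, not inside it: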

server {

    listen 80;

    server_name your_domain;

    return 301 https://$host$request_uri;

}

Replace your_domain with your domain name.

Check that the configuration file is correct:

Use the following command to check the syntax of the Nginx configuration:

sudo nginx -t

Restart the Nginx service to apply the changes:

sudo systemctl restart nginx

You have now configured HTTPS for Nginx. Make sure the firewall allows inbound traffic on port 443. You should now be able to reach your server over HTTPS.

2. Problem: The requested nginx plugin does not appear to be installed

Solution: sudo apt install python3-certbot-nginx

3. Edit the configuration file:

Command:

sudo nano /etc/nginx/sites-available/default

Contents:

##

# You should look at the following URL's in order to grasp a solid understanding

# of Nginx configuration files in order to fully unleash the power of Nginx.

# https://www.nginx.com/resources/wiki/start/

# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/

# https://wiki.debian.org/Nginx/DirectoryStructure

#

# In most cases, administrators will remove this file from sites-enabled/ and

# leave it as reference inside of sites-available where it will continue to be

# updated by the nginx packaging team.

#

# This file will automatically load configuration files provided by other

# applications, such as Drupal or Wordpress. These applications will be made

# available underneath a path with that package name, such as /drupal8.

#

# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.

##


# Default server configuration

#

server {

listen 80;

    server_name yclz.ltd;

    return 301 https://$host$request_uri;


#listen 80 default_server;

#listen [::]:80 default_server;


# SSL configuration

#

# listen 443 ssl default_server;

# listen [::]:443 ssl default_server;

#

# Note: You should disable gzip for SSL traffic.

# See: https://bugs.debian.org/773332

#

# Read up on ssl_ciphers to ensure a secure configuration.

# See: https://bugs.debian.org/765782

#

# Self signed certs generated by the ssl-cert package

# Don't use them in a production server!

#

# include snippets/snakeoil.conf;


root /var/www/html;


# Add index.php to the list if you are using PHP

index index.html index.htm index.nginx-debian.html;


server_name _;


location / {

# First attempt to serve request as file, then

# as directory, then fall back to displaying a 404.

try_files $uri $uri/ =404;

}


# pass PHP scripts to FastCGI server

#

#location ~ \.php$ {

# include snippets/fastcgi-php.conf;

#

# # With php-fpm (or other unix sockets):

# fastcgi_pass unix:/run/php/php7.4-fpm.sock;

# # With php-cgi (or other tcp sockets):

# fastcgi_pass 127.0.0.1:9000;

#}


# deny access to .htaccess files, if Apache's document root

# concurs with nginx's one

#

#location ~ /\.ht {

# deny all;

#}

}



# Virtual Host configuration for example.com

#

# You can move that to a different file under sites-available/ and symlink that

# to sites-enabled/ to enable it.

#

server {

listen 443 ssl;

# ssl must be set on every listen socket, including the IPv6 one
listen [::]:443 ssl;


server_name yclz.ltd;


        ssl_certificate /etc/letsencrypt/live/yclz.ltd/fullchain.pem;

        ssl_certificate_key /etc/letsencrypt/live/yclz.ltd/privkey.pem;

        ssl_protocols TLSv1.3;



#root /var/www/yclz.ltd;

root /var/www/html;

#index index.html;

index index.html index.htm index.nginx-debian.html;

location / {

try_files $uri $uri/ =404;

}

}
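
nginx -t validates syntax only: it accepts a port-443 listen directive that lacks the ssl parameter (that socket then serves plaintext) and a port-80 server block that never redirects to HTTPS. The shell check below is an added example, not part of the original post; the function name check_nginx_tls, the finding labels and the example.test sample configuration are constructed for illustration.

```shell
#!/bin/sh
# check_nginx_tls (hypothetical helper): reads an nginx config on stdin and
# prints one finding per line. Simplified: expects "server {" on one line and
# treats every "#" as the start of a comment.
check_nginx_tls() {
  awk '
    { sub(/#.*/, "") }
    /^[ \t]*server[ \t]*[{]/ { in_srv = 1; depth = 0; p80 = 0; redir = 0; start = NR }
    in_srv {
      if ($1 == "listen") {
        line = $0; sub(/^[ \t]+/, "", line)
        # A 443 socket only speaks TLS if this listen line carries "ssl".
        if (line ~ /(^listen[ \t]+|:)443[ \t;]/ && line !~ /[ \t]ssl[ \t;]/)
          print "PLAINTEXT_443 line " NR ": " line
        if (line ~ /(^listen[ \t]+|:)80[ \t;]/) p80 = 1
      }
      if ($1 == "return" && $2 ~ /^30[1278]$/ && $3 ~ /^https:\/\//) redir = 1
      depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
      if (depth == 0) {   # end of this server block
        if (p80 && !redir) print "NO_HTTPS_REDIRECT server block at line " start
        in_srv = 0
      }
    }
  '
}

# Constructed sample: the port-80 block serves content instead of redirecting,
# and the IPv6 listener on 443 is missing "ssl".
sample_conf() {
  cat <<'EOF'
server {
    listen 80;
    server_name example.test;
    root /var/www/html;
}
server {
    listen 443 ssl;
    listen [::]:443;
    server_name example.test;
    ssl_certificate     /etc/letsencrypt/live/example.test/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.test/privkey.pem;
    ssl_protocols TLSv1.3;
}
EOF
}

sample_conf | check_nginx_tls
```

To check a real file, run check_nginx_tls < /etc/nginx/sites-available/default; no output means neither problem was found.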
