一分钟搞懂；如何通过nginx将网站访问改为https

下面我们通过配置Nginx来开启https访问

1、ssl证书申请可以在阿里云上申请一个免费的

需要在域名解析上加上解析值，阿里云会自动添加的。

2、申请完后下载证书放到nginx上

/usr/local/nginx/cert/www.suibibk.com.pem;
/usr/local/nginx/cert/www.suibibk.com.key;

3、nginx的配置文件如下所示，这样就配置好了

ssl_certificate   /usr/local/nginx/cert/www.suibibk.com.pem;
ssl_certificate_key  /usr/local/nginx/cert/www.suibibk.com.key;

4、如下nginx配置文件

user  root;
worker_processes  1;
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
#pid        logs/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  Application/octet-stream;
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log  logs/access.log  main;
    sendfile        on;
    #tcp_nopush     on;
    #keepalive_timeout  0;
    keepalive_timeout  65;
    #gzip  on;
    #1、博客首页
    server {
        listen       80;
        server_name  www.suibibk.com suibibk.com;
        rewrite ^(.*)$ https://$host$1 permanent;
    }
    #1、博客首页
    server {
        listen 443;
        server_name www.suibibk.com suibibk.com;
        #这个是防止登录用suibibk.com，然后访问用www.suibibk.com,然后session不一致
        if ( $host = 'suibibk.com' ){
            rewrite ^(.*)$ https://www.suibibk.com$1 permanent;
        }
        ssl on;
        client_max_body_size 1536m;
        root html;
        index index.html index.htm;
        ssl_certificate   /usr/local/nginx/cert/www.suibibk.com.pem;
        ssl_certificate_key  /usr/local/nginx/cert/www.suibibk.com.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        location /fileupload {
            root   /home/itweb/data/;
            index  index.html index.htm;
        }
        location / {
            proxy_pass http://127.0.0.1:8080;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header        Host $host;
            proxy_set_header        X-Real-IP $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header           X-Forwarded-Proto https;
            proxy_next_upstream   off;
            proxy_connect_timeout   30;
            proxy_read_timeout      1800;
            proxy_send_timeout      300;
        }
    }
}