安装Nginx
sudo apt update
sudo apt install nginx
配置Nginx: 创建一个新的Nginx配置文件,用于设置反向代理和SSL。可以使用以下命令创建一个新的配置文件(例如,/etc/nginx/sites-available/xx.cn):
sudo vim /etc/nginx/sites-available/xx.cn
将以下ngixn内容粘贴到配置文件中,确保替换your_server_name为您的域名或IP地址,并将/root/证书替换为证书和密钥的实际路径:
server {
listen 80;
listen [::]:80;
server_name xx.cn;
# 重定向到 www.xx.cn
return 301 http://www.xx.cn$request_uri;
}
server {
listen 80;
listen [::]:80;
server_name www.xx.cn;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/nginx/certs/证书;
ssl_certificate_key /etc/nginx/certs/密钥;
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';
include /etc/nginx/conf.d/*.conf;
}
创建 /etc/nginx/certs 放证书目录:
sudo mkdir -p /etc/nginx/certs
启用Nginx站点: 使用以下命令创建符号链接以启用配置文件:
sudo ln -s /etc/nginx/sites-available/a12x.cn /etc/nginx/sites-enabled/
检查Nginx配置: 运行以下命令以确保Nginx配置文件没有错误:
sudo nginx -t
显示:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
如果没有错误,继续下一步。
重启Nginx: 重启Nginx以应用新的配置:
sudo systemctl restart nginx
确保证书配置好,然后就可以使用你的域名访问了。