我能看看你们的conf.d里面defalut.conf和halo.conf两个配置文件的内容吗,改了很久还是不能安全连接,博客后台改过也没有,,
有人用阿里云ssl吗?
nginx.conf的内容么,我就是用的阿里的,不过我是直接在nginx.conf里改的
Galun-yase 我就是用的nginx,配置可参考:nginx重定向,全局https,SSL配置,反代配置参考
Galun-yase defalut.conf这个文件删掉,不删掉会默认使用这个配置
4 天 后
- 已编辑
server {
listen 443;
server_name bestdarren.top www.bestdarren.top;
ssl on;
ssl_certificate /root/.halo/ssl/2809236_bestdarren.top.pem;
ssl_certificate_key /root/.halo/ssl/2809236_bestdarren.top.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:port/;
}
}
server {
listen 80;
server_name bestdarren.top www.bestdarren.top;
rewrite ^(.*)$ https://$host$1 permanent;
client_max_body_size 1024m;
location / {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:port/;
}
}
- 已编辑
我用的是nginx
配置:
server {
listen 443 ssl;
server_name blog.skii.fun;
ssl_certificate /usr/local/nginx/conf/cert/domain name.pem;
ssl_certificate_key /usr/local/nginx/conf/cert/domain name.key; #将domain name.key替换成您证书的密钥文件名。
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:xxxx/; # xxxx这里是halo的端口号
}
}
真的很谢谢大家,已经解决了,开心到飞起来
前段时间 整理了一份 SSL配置方式 1.CDN 2.宝塔 3.Nginx