nginx配置ssl证书

server
    {
        listen 80 default backlog=2048;
        listen 443 ssl;
        server_name weibbc.weiguji.cn;
        index index.html index.htm index.php default.html default.htm default.php;
        root  /home/wwwroot/ppc.weigubi.cn;
        include none.conf;
        #error_page   404   /404.html;
        
        #添加证书，拿到对应的pem和key文件直接添加如下
        ssl_certificate   /home/wwwroot/mhsj.net/ssl/mhsj.pem;
        ssl_certificate_key  /home/wwwroot/mhsj.net/ssl/mhsj.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
        ssl_prefer_server_ciphers on;
        
        #如果http跳转至https，增加301跳转
        if ($ssl_protocol = "") { return 301 https://$host$request_uri; }
        
        # Deny access to PHP files in specific directory
        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
        include enable-php.conf;
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }
        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }
        location ~ /.well-known {
            allow all;
        }
        location ~ /\.
        {
            deny all;
        }
        access_log off;
    }

如果想http和https一起访问设置如下：

        listen 80 default backlog=2048;
        listen 443 ssl;

添加证书的部分：

  ssl_certificate   /home/wwwroot/ppc.weigubi.cn/ssl/214401709700052.pem;
  ssl_certificate_key  /home/wwwroot/ppc.weigubi.cn/ssl/214401709700052.key;
  ssl_session_timeout 5m;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
  ssl_prefer_server_ciphers on;

如果想设置http强制跳转https：

if ($ssl_protocol = "") { return 301 https://$host$request_uri; }

免费证书申请网站：

https://freessl.cn