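One way to upgrade a website to SSL
1. Apply for a certificate
Open http://freessl.cn/ and register a user account
Download keymanager from https://keymanager.org/
Open keymanager and log in with the email address and password registered on freessl
Request the certificate on the certificate application page
Enter the domain name that is to be served over https, then choose http as the validation type
Click to apply for the certificate
The validation information is then displayed
Copy the file content
On the web server, locate the physical path given in the validation information (create the directory if it does not exist)
Create the file fileauth.txt
Paste the copied content into it, then click "I have completed the configuration" (the site verifies that the domain is valid; once verification passes, the corresponding pem files are generated and can be exported in the form your system needs)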
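2. Deploy the certificate on nginx and enable SSL
Open the relevant nginx.conf file; for the xlusong.com home page it is /usr/local/nginx/conf/nginx.conf
Add the following as appropriate, using www.xlusong.com as the example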
    server {
        listen 443 ssl;
        server_name www.xlusong.com xlusong.com;
        # "ssl on;" is left out: "listen ... ssl" already enables TLS, and the
        # standalone directive was removed in nginx 1.25.1.
        ssl_certificate /usr/local/nginx/sslcrt/www.xlusong.com_chain.crt;
        ssl_certificate_key /usr/local/nginx/sslcrt/www.xlusong.com_key.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        root /home/wwwroot/xlusong.com;
        include xlusong.conf;
        #error_page 404 /404.html;

        # Deny access to PHP files in specific directory
        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

        include enable-php.conf;

        location /nginx_status {
            stub_status on;
            access_log off;
        }
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
            expires 30d;
        }
        location ~ .*\.(js|css)?$ {
            expires 12h;
        }
        location ~ /.well-known {
            allow all;
        }
        location ~ /\. {
            deny all;
        }
        access_log /home/wwwlogs/access.log;
    }
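Note: include enable-php.conf; and everything below it is the same as in the existing port 80 configuration
Restart the nginx service when done
If a redirect is needed (sending http to https)
modify the port 80 section; the modified block is as follows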
    server {
        listen 80;
        server_name www.abc.com abc.com;
        rewrite ^(.*)$ https://$host$1 permanent;
        index index.php index.html index.htm;
        root /home/wwwroot/abc.com;
        include xlusong.conf;
        #error_page 404 /404.html;

        # Deny access to PHP files in specific directory
        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

        include enable-php.conf;

        location /nginx_status {
            stub_status on;
            access_log off;
        }
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
            expires 30d;
        }
        location ~ .*\.(js|css)?$ {
            expires 12h;
        }
        location ~ /.well-known {
            allow all;
        }
        location ~ /\. {
            deny all;
        }
        access_log /home/wwwlogs/access.log;
    }
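Restart the nginx service when done
If the page shows errors after the upgrade, press F12 and look for a message of this kind
In this case the file reported was index.php under server
For PHP, add the following to index.php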
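    // Ask the browser to rewrite http:// subresource requests on this page to https://
    header("Content-Security-Policy: upgrade-insecure-requests");
    // Upgrade-Insecure-Requests is a header browsers send with requests;
    // sent as a response header it has no effect.
    header('Upgrade-Insecure-Requests: 1');
For HTML, add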
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests" />
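3. Deploy the certificate on apache2 and enable SSL
Load the Apache2 ssl module
    a2enmod ssl
Open the relevant apache2 conf file
Here the file opened is /etc/apache2/sites-available/000-default.conf
Add the following (using www.abc.com as the example)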
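    <VirtualHost *:443>
        ServerName www.abc.com
        <Proxy *>
            Order deny,allow
            Allow from all
        </Proxy>
        SSLEngine On
        # The SSLProxy* directives only affect https:// backends. The backends
        # below are plain http on 127.0.0.1, so these settings are not exercised;
        # for an https backend they would turn off certificate verification.
        SSLProxyEngine On
        SSLProxyVerify none
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLCertificateFile "/axx/www.abc.com.crt"
        SSLCertificateKeyFile "/axx/www.abc.com.key"
        ErrorLog "/zzl/error.log"
        ProxyRequests Off
        ProxyPreserveHost On
        ProxyPass /abc/ http://127.0.0.1:8083/abc/
        ProxyPassReverse /abc/ http://127.0.0.1:8083/abc/
        ProxyPass / http://127.0.0.1:5000/
        # Same target as the ProxyPass line above
        ProxyPassReverse / http://127.0.0.1:5000/
    </VirtualHost>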
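After restarting apache2 the site can be opened over https. If you run into http errors, adjust the site as described for the nginx errors above. This configuration does not force a redirect; if a redirect is needed, add the following configuration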
    <VirtualHost *:80>
        # Domain name of the site
        ServerName www.abc.com
        # Additional host names for the site
        ServerAlias www.abc.com
        RewriteEngine On
        RewriteRule ^/(.*?)$ https://www.abc.com/$1 [R]
    </VirtualHost>