准备工作
- 一个域名
- 一台有ip的服务器
域名配置
给需要配置https的二级域名,添加一条A记录解析。这里是ssl.xiaoranzife.com
。配置https
https://certbot.eff.org/lets-encrypt/centosrhel7-nginx证书三个月更新一次,可以配置脚本
选择服务和系统
按照下面的步骤一步步执行即可
最终配置
server {
server_name ssl.xiaoranzife.com; # managed by Certbot
root /usr/share/nginx/feup;
# Load configuration files for the default server block.
include /etc/nginx/default.d/\*.conf;
# 初始文件是: include /etc/nginx/default.d/*.conf;
# 这里为了md的高亮加了个\
location / {
try_files $uri /index.html @router;
}
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/ssl.xiaoranzife.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ssl.xiaoranzife.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = ssl.xiaoranzife.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name ssl.xiaoranzife.com;
return 404; # managed by Certbot
}
开启http2
# [server]
{
...
listen 443 ssl http2;
...
}
nginx -t
nginx -s reload
验证http2
打开网址
打开控制台
- 选择network
- 在Name处右击,选择Protocol
- 刷新
- Protocol 变成h2