准备工作
- 一个域名
- 一台有ip的服务器
域名配置
给需要配置https的二级域名,添加一条A记录解析。这里是ssl.xiaoranzife.com。
配置https
https://certbot.eff.org/lets-encrypt/centosrhel7-nginx证书三个月更新一次,可以配置脚本
选择服务和系统
按照下面的步骤一步步执行即可
最终配置
server {server_name ssl.xiaoranzife.com; # managed by Certbotroot /usr/share/nginx/feup;# Load configuration files for the default server block.include /etc/nginx/default.d/\*.conf;# 初始文件是: include /etc/nginx/default.d/*.conf;# 这里为了md的高亮加了个\location / {try_files $uri /index.html @router;}error_page 404 /404.html;location = /404.html {}error_page 500 502 503 504 /50x.html;location = /50x.html {}listen [::]:443 ssl ipv6only=on; # managed by Certbotlisten 443 ssl; # managed by Certbotssl_certificate /etc/letsencrypt/live/ssl.xiaoranzife.com/fullchain.pem; # managed by Certbotssl_certificate_key /etc/letsencrypt/live/ssl.xiaoranzife.com/privkey.pem; # managed by Certbotinclude /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbotssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot}server {if ($host = ssl.xiaoranzife.com) {return 301 https://$host$request_uri;} # managed by Certbotlisten 80 ;listen [::]:80 ;server_name ssl.xiaoranzife.com;return 404; # managed by Certbot}
开启http2
# [server]{...listen 443 ssl http2;...}nginx -tnginx -s reload
验证http2
打开网址
打开控制台
- 选择network
- 在Name处右击,选择Protocol
- 刷新
- Protocol 变成h2
若有收获,就点个赞吧
0 人点赞
