-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy path2019030501.html
More file actions
1 lines (1 loc) · 41.4 KB
/
2019030501.html
File metadata and controls
1 lines (1 loc) · 41.4 KB
1
<!DOCTYPE html><html class="theme-next mist use-motion" lang="zh-Hans"><head><meta name="generator" content="Hexo 3.9.0"><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1"><meta name="theme-color" content="#222"><script src="/lib/pace/pace.min.js?v=1.0.2"></script><link href="/lib/pace/pace-theme-minimal.min.css?v=1.0.2" rel="stylesheet"><meta http-equiv="Cache-Control" content="no-transform"><meta http-equiv="Cache-Control" content="no-siteapp"><link href="/lib/fancybox/source/jquery.fancybox.css?v=2.1.5" rel="stylesheet" type="text/css"><link href="/lib/font-awesome/css/font-awesome.min.css?v=4.6.2" rel="stylesheet" type="text/css"><link href="/css/main.css?v=5.1.3" rel="stylesheet" type="text/css"><link rel="apple-touch-icon" sizes="180x180" href="/images/apple-touch-icon-240x240-playpi.png?v=5.1.3"><link rel="icon" type="image/png" sizes="32x32" href="/images/favicon-32x32-playpi.png?v=5.1.3"><link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-16x16-playpi.png?v=5.1.3"><link rel="mask-icon" href="/images/logo-playpi.svg?v=5.1.3" color="#222"><meta name="keywords" content="Nginx,https,ssl,证书"><link rel="alternate" href="/atom.xml" title="虾丸派" type="application/atom+xml"><meta name="description" content="由于 GitHub Pages 把百度爬虫屏蔽了,导致百度爬虫爬取不到我的个人主页,所以被百度收录的内容很少,能收录的基本都是我手动提交的。后来我的解决办法就是自己搭建了一台 Web 服务器,然后在 DNSPod 中把百度爬虫的访问流量引到我的 Web 服务器上面,服务器主机是我自己购买的 VPS,服务器应用我选择的是强大的 Nginx。本文就记录 Web 服务器搭建以及配置 SSL 证书这个过程"><meta name="keywords" content="Nginx,https,ssl,证书"><meta property="og:type" content="article"><meta property="og:title" content="Nginx 配置 SSL 证书实现 HTTPS 访问"><meta property="og:url" content="https://www.playpi.org/2019030501.html"><meta property="og:site_name" content="虾丸派"><meta property="og:description" content="由于 GitHub Pages 把百度爬虫屏蔽了,导致百度爬虫爬取不到我的个人主页,所以被百度收录的内容很少,能收录的基本都是我手动提交的。后来我的解决办法就是自己搭建了一台 Web 服务器,然后在 DNSPod 中把百度爬虫的访问流量引到我的 Web 服务器上面,服务器主机是我自己购买的 VPS,服务器应用我选择的是强大的 Nginx。本文就记录 Web 服务器搭建以及配置 SSL 证书这个过程"><meta property="og:locale" content="zh-Hans"><meta property="og:image" content="https://raw.githubusercontent.com/iplaypi/img-playpi/master/img/old/b7f2e3a3gy1g0tj7nqpidj20pi085jrs.jpg"><meta property="og:image" content="https://raw.githubusercontent.com/iplaypi/img-playpi/master/img/old/b7f2e3a3gy1g0tj9c3v7aj20hw075t92.jpg"><meta property="og:image" content="https://raw.githubusercontent.com/iplaypi/img-playpi/master/img/old/b7f2e3a3gy1g0tj9zp4g1j21hc0qx0ub.jpg"><meta property="og:image" content="https://raw.githubusercontent.com/iplaypi/img-playpi/master/img/old/b7f2e3a3gy1g0tjanlqz3j20o80dbaav.jpg"><meta property="og:image" content="https://raw.githubusercontent.com/iplaypi/img-playpi/master/img/old/b7f2e3a3gy1g0tjbahmnzj20rm0kv75t.jpg"><meta property="og:image" content="https://raw.githubusercontent.com/iplaypi/img-playpi/master/img/old/b7f2e3a3gy1g0tjbrqeeuj20f603cglj.jpg"><meta property="og:image" content="https://raw.githubusercontent.com/iplaypi/img-playpi/master/img/old/b7f2e3a3gy1g0tjc9ygu2j20bo02s0sl.jpg"><meta property="og:image" content="https://raw.githubusercontent.com/iplaypi/img-playpi/master/img/old/b7f2e3a3gy1g0tjcrc2zbj21hk0s6n10.jpg"><meta property="og:image" content="https://raw.githubusercontent.com/iplaypi/img-playpi/master/img/old/b7f2e3a3gy1g0tjd5kowxj20d60i90t0.jpg"><meta property="og:image" content="https://raw.githubusercontent.com/iplaypi/img-playpi/master/img/old/b7f2e3a3gy1g0uj2a8vf6j21gm08smxy.jpg"><meta property="og:updated_time" content="2019-03-04T18:14:23.000Z"><meta name="twitter:card" content="summary"><meta name="twitter:title" content="Nginx 配置 SSL 证书实现 HTTPS 访问"><meta name="twitter:description" content="由于 GitHub Pages 把百度爬虫屏蔽了,导致百度爬虫爬取不到我的个人主页,所以被百度收录的内容很少,能收录的基本都是我手动提交的。后来我的解决办法就是自己搭建了一台 Web 服务器,然后在 DNSPod 中把百度爬虫的访问流量引到我的 Web 服务器上面,服务器主机是我自己购买的 VPS,服务器应用我选择的是强大的 Nginx。本文就记录 Web 服务器搭建以及配置 SSL 证书这个过程"><meta name="twitter:image" content="https://raw.githubusercontent.com/iplaypi/img-playpi/master/img/old/b7f2e3a3gy1g0tj7nqpidj20pi085jrs.jpg"><script type="text/javascript" id="hexo.configurations">var NexT=window.NexT||{},CONFIG={root:"/",scheme:"Mist",version:"5.1.3",sidebar:{position:"left",display:"hide",offset:12,b2t:!1,scrollpercent:!0,onmobile:!1},fancybox:!0,tabs:!0,motion:{enable:!0,async:!1,transition:{post_block:"fadeIn",post_header:"slideDownIn",post_body:"slideDownIn",coll_header:"slideLeftIn",sidebar:"slideUpIn"}},duoshuo:{userId:"0",author:"博主"},algolia:{applicationID:"",apiKey:"",indexName:"",hits:{per_page:10},labels:{input_placeholder:"Search for Posts",hits_empty:"We didn't find any results for the search: ${query}",hits_stats:"${hits} results found in ${time} ms"}}}</script><link rel="canonical" href="https://www.playpi.org/2019030501.html"><title>Nginx 配置 SSL 证书实现 HTTPS 访问 | 虾丸派</title></head><body itemscope itemtype="http://schema.org/WebPage" lang="zh-Hans"><div class="container sidebar-position-left page-post-detail"><div class="headband"></div><header id="header" class="header" itemscope itemtype="http://schema.org/WPHeader"><div class="header-inner"><div class="site-brand-wrapper"><div class="site-meta"><div class="custom-logo-site-title"><a href="/" class="brand" rel="start"><span class="logo-line-before"><i></i></span> <span class="site-title">虾丸派</span> <span class="logo-line-after"><i></i></span></a></div><h1 class="site-subtitle" itemprop="description">烂笔头</h1></div><div class="site-nav-toggle"><button><span class="btn-bar"></span> <span class="btn-bar"></span> <span class="btn-bar"></span></button></div></div><nav class="site-nav"><ul id="menu" class="menu"><li class="menu-item menu-item-home"><a href="/" rel="section"><i class="menu-item-icon fa fa-fw fa-home"></i><br>首页</a></li><li class="menu-item menu-item-tags"><a href="/tags/" rel="section"><i class="menu-item-icon fa fa-fw fa-tags"></i><br>标签</a></li><li class="menu-item menu-item-categories"><a href="/categories/" rel="section"><i class="menu-item-icon fa fa-fw fa-th"></i><br>分类</a></li><li class="menu-item menu-item-archives"><a href="/archives/" rel="section"><i class="menu-item-icon fa fa-fw fa-archive"></i><br>归档</a></li><li class="menu-item menu-item-about"><a href="/about/" rel="section"><i class="menu-item-icon fa fa-fw fa-user"></i><br>关于</a></li><li class="menu-item menu-item-books"><a href="/books/" rel="section"><i class="menu-item-icon fa fa-fw fa-book"></i><br>书籍</a></li><li class="menu-item menu-item-guide"><a href="/guide/" rel="section"><i class="menu-item-icon fa fa-fw fa-location-arrow"></i><br>指南</a></li><li class="menu-item menu-item-search"><a href="javascript:;" class="popup-trigger"><i class="menu-item-icon fa fa-search fa-fw"></i><br>搜索</a></li></ul><div class="site-search"><div class="popup search-popup local-search-popup"><div class="local-search-header clearfix"><span class="search-icon"><i class="fa fa-search"></i> </span><span class="popup-btn-close"><i class="fa fa-times-circle"></i></span><div class="local-search-input-wrapper"><input autocomplete="off" placeholder="搜索..." spellcheck="false" type="text" id="local-search-input"></div></div><div id="local-search-result"></div></div></div></nav></div></header><main id="main" class="main"><div class="main-inner"><div class="content-wrap"><div id="content" class="content"><div id="posts" class="posts-expand"><article class="post post-type-normal" itemscope itemtype="http://schema.org/Article"><div class="post-block"><link itemprop="mainEntityOfPage" href="https://www.playpi.org/2019030501.html"><span hidden itemprop="author" itemscope itemtype="http://schema.org/Person"><meta itemprop="name" content="虾丸派"><meta itemprop="description" content="记录知识 | 分享技术"><meta itemprop="image" content="/images/favicon-1536x1536-playpi.png"></span><span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization"><meta itemprop="name" content="虾丸派"></span><header class="post-header"><h2 class="post-title" itemprop="name headline">Nginx 配置 SSL 证书实现 HTTPS 访问</h2><div class="post-meta"><span class="post-time"><span class="post-meta-item-text">发表于</span> <time title="创建于" itemprop="dateCreated datePublished" datetime="2019-03-05T02:14:23+08:00">2019-03-05 </time></span><span class="post-category"><span class="post-meta-divider">|</span> <span class="post-meta-item-text">分类于</span> <span itemprop="about" itemscope itemtype="http://schema.org/Thing"><a href="/categories/building/" itemprop="url" rel="index"><span itemprop="name">建站</span> </a></span></span><span id="busuanzi_container_page_pv" style="display:none"><span class="post-meta-divider">|</span> 阅读次数 <span id="busuanzi_value_page_pv"></span></span><div class="post-wordcount"><span class="post-meta-item-text">字数统计</span> <span title="字数统计">1,974字 </span><span class="post-meta-divider">|</span> <span class="post-meta-item-text">阅读时长 ≈</span> <span title="阅读时长">8分钟</span></div></div></header><div class="post-body" itemprop="articleBody"><p>由于 GitHub Pages 把百度爬虫屏蔽了,导致百度爬虫爬取不到我的个人主页,所以被百度收录的内容很少,能收录的基本都是我手动提交的。后来我的解决办法就是自己搭建了一台 Web 服务器,然后在 DNSPod 中把百度爬虫的访问流量引到我的 Web 服务器上面,服务器主机是我自己购买的 VPS,服务器应用我选择的是强大的 Nginx。本文就记录 Web 服务器搭建以及配置 SSL 证书这个过程。</p><a id="more"></a><h1 id="安装 -Nginx"><a href="# 安装 -Nginx" class="headerlink" title="安装 Nginx"></a>安装 Nginx</h1><p>Nginx 官方网站:<a href="https://www.nginx.com/resources/wiki/start/topics/tutorials/install" target="_blank" rel="noopener">https://www.nginx.com/resources/wiki/start/topics/tutorials/install</a> 。</p><p>我的 VPS 是 CentOS 7 X64 版本的,所以安装 Nginx 的过程比较麻烦一点,需要自己下载源码、编译、安装,如果需要用到附加模块【例如 http_ssl 证书模块】,还需要重新编译,整个过程比较耗时。如果不熟悉的话,遇到问题也要折腾半天才能解决。所以,我在不熟悉的 Nginx 的情况下选择了一种简单的方式,直接自动安装,并自带了一些常用的模块,例如 ssl 证书模块。但是缺点就是安装过程稍微长一点,在网络好的情况下可能需要 3-5 分钟。我还参考了别人的文档:<a href="https://gist.github.com/ifels/c8cfdfe249e27ffa9ba1" target="_blank" rel="noopener">https://gist.github.com/ifels/c8cfdfe249e27ffa9ba1</a> ,但是仅供参考,因为我发现也有一些不能使用的地方。</p><h2 id="创建源配置文件"><a href="# 创建源配置文件" class="headerlink" title="创建源配置文件"></a>创建源配置文件</h2><p>在 /etc/yum.repos.d/ 目录下创建一个源配置文件 nginx.repo,如果不存在这个目录,先使用 mkdir 命令创建目录,然后在目录中添加一个文件 nginx.repo,使用命令:</p><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">vi nginx.repo</span><br></pre></td></tr></table></figure><p>进入编辑模式,填写如下内容:</p><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">[nginx]</span><br><span class="line">name=nginx repo</span><br><span class="line">baseurl=http://nginx.org/packages/centos/$releasever/$basearch/</span><br><span class="line">gpgcheck=0</span><br><span class="line">enabled=1</span><br></pre></td></tr></table></figure><p>编辑完成后保存即可。</p><h2 id="自动安装 -Nginx"><a href="# 自动安装 -Nginx" class="headerlink" title="自动安装 Nginx"></a>自动安装 Nginx</h2><p>接下来就是使用命令自动安装 Nginx 了【敲下命令,看着就行了,会有刷屏的日志输出】:</p><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">yum install nginx -y</span><br></pre></td></tr></table></figure><p>安装完成后,使用以下命令启动:</p><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">service nginx start</span><br></pre></td></tr></table></figure><p>可以使用命令 <strong>service nginx status</strong> 查看 Nginx 是否启动:<br><img src="https://raw.githubusercontent.com/iplaypi/img-playpi/master/img/old/b7f2e3a3gy1g0tj7nqpidj20pi085jrs.jpg" alt="查看 Nginx 状态" title="查看 Nginx 状态"></p><p>然后你就能看到 Nginx 的主页了,默认是 80 端口,直接使用 ip 访问即可【如果这里打不开,可能是端口 80 没有开启,被防火墙禁用了,需要重新开启,开启方法参考后面的章节】。<br><img src="https://raw.githubusercontent.com/iplaypi/img-playpi/master/img/old/b7f2e3a3gy1g0tj9c3v7aj20hw075t92.jpg" alt="Nginx 主页" title="Nginx 主页"></p><h1 id="获取 -SSL- 证书、配置参数"><a href="# 获取 -SSL- 证书、配置参数" class="headerlink" title="获取 SSL 证书、配置参数"></a>获取 SSL 证书、配置参数</h1><h2 id="SSL- 证书获取"><a href="#SSL- 证书获取" class="headerlink" title="SSL 证书获取"></a>SSL 证书获取</h2><p>证书的获取可以参考我的文章:<a href="https://www.playpi.org/2019030401.html">利用阿里云申请免费的 SSL 证书 </a>。我在阿里云获取的证书是免费的、有效期一年的,等证书过期了可以重新申请【不知道能不能自动续期】,因为我有阿里云的帐号,所以就直接使用了。当然,通过其它方式也可以获取 SSL 证书,大家自行选择。<br><img src="https://raw.githubusercontent.com/iplaypi/img-playpi/master/img/old/b7f2e3a3gy1g0tj9zp4g1j21hc0qx0ub.jpg" alt="阿里云申请的 SSL 证书" title="阿里云申请的 SSL 证书"></p><p>直接下载即可,下载后上传到站点的任意目录,但是要记住文件的位置,因为等一下配置 Nginx 的时候需要指定证书的位置。我把它们放在了 /site/ 目录,一共有 2 个文件:.key 文件时私钥文件,.pem 文件时公钥文件。<br><img src="https://raw.githubusercontent.com/iplaypi/img-playpi/master/img/old/b7f2e3a3gy1g0tjanlqz3j20o80dbaav.jpg" alt="SSL 证书的 2 个文件" title="SSL 证书的 2 个文件"></p><h2 id="Nginx- 参数配置"><a href="#Nginx- 参数配置" class="headerlink" title="Nginx 参数配置"></a>Nginx 参数配置</h2><p>更改配置文件,打开文件【使用 vi 命令会自动创建不存在的文件】,进入编辑模式:</p><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"># 配置 </span><br><span class="line">vi /etc/nginx/nginx.conf</span><br></pre></td></tr></table></figure><p>填写内容如下【我这里只是配置基本的参数 server 有关内容,大家当然可以根据实际需要配置更为丰富的参数】,留意证书的公钥与私钥这 2 个文件的配置:</p><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br></pre></td><td class="code"><pre><span class="line"># 80 端口是用来接收基本的 http 请求,里面做了永久重定向,重定向到 https 的链接 </span><br><span class="line"> server {</span><br><span class="line"> listen 80;</span><br><span class="line"> server_name blog.playpi.org;</span><br><span class="line"> access_log /site/iplaypi.github.io.http-blog-access.log main;</span><br><span class="line"> rewrite ^/(.*)$ https://blog.playpi.org/$1 permanent;</span><br><span class="line"> }</span><br><span class="line"># 443 端口是用来接收 https 请求的 </span><br><span class="line">server {</span><br><span class="line"> listen 443 ssl;# 监听端口 </span><br><span class="line"> server_name blog.playpi.org;# 域名 </span><br><span class="line"> access_log /site/iplaypi.github.io.https-blog-access.log main;</span><br><span class="line"> root /site/iplaypi.github.io;</span><br><span class="line"> ssl_certificate /site/1883927_blog.playpi.org.pem;# 证书路径 </span><br><span class="line"> ssl_certificate_key /site/1883927_blog.playpi.org.key;#key 路径 </span><br><span class="line"> ssl_session_cache shared:SSL:1m;# 储存 SSL 会话的缓存类型和大小 </span><br><span class="line"> ssl_session_timeout 5m;# 配置会话超时时间 </span><br><span class="line"> ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;# 为建立安全连接,服务器所允许的密码格式列表 </span><br><span class="line"> ssl_protocols TLSv1 TLSv1.1 TLSv1.2;</span><br><span class="line"> ssl_prefer_server_ciphers on;# 依赖 SSLv3 和 TLSv1 协议的服务器密码将优先于客户端密码 </span><br><span class="line"> #减少点击劫持 </span><br><span class="line"> add_header X-Frame-Options DENY;</span><br><span class="line"> #禁止服务器自动解析资源类型 </span><br><span class="line"> add_header X-Content-Type-Options nosniff;</span><br><span class="line"> #防 XSS 攻击 </span><br><span class="line"> add_header X-Xss-Protection 1;</span><br><span class="line"> }</span><br></pre></td></tr></table></figure><p>只要按照如上的配置,就可以同时接收 http 请求与 https 请求【实际上 http 的请求被永久重定向到了 https】,我的配置如下图【请忽略 www 二级域名的配置项】:<br><img src="https://raw.githubusercontent.com/iplaypi/img-playpi/master/img/old/b7f2e3a3gy1g0tjbahmnzj20rm0kv75t.jpg" alt="Nginx 配置项 server" title="Nginx 配置项 server"></p><h2 id="验证参数是否准确"><a href="# 验证参数是否准确" class="headerlink" title="验证参数是否准确"></a>验证参数是否准确</h2><p>有时候配置了参数,可能因为字符、参数名问题导致启动失败,然后再回来改配置文件,比较繁琐,所以可以直接使用 Nginx 提供的命令来验证配置文件的内容是否合法,如果有问题可以在输出警告日志中看到,改起来也非常方便。</p><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">nginx -t</span><br></pre></td></tr></table></figure><p>可以看到,配置项正常,接下来就可以启动 Nginx 了。<br><img src="https://raw.githubusercontent.com/iplaypi/img-playpi/master/img/old/b7f2e3a3gy1g0tjbrqeeuj20f603cglj.jpg" alt="Nginx 配置项检测" title="Nginx 配置项检测"></p><h1 id="开启端口、启动 -Nginx"><a href="# 开启端口、启动 -Nginx" class="headerlink" title="开启端口、启动 Nginx"></a>开启端口、启动 Nginx</h1><p>在上面的步骤中,如果在一开始想启动 Nginx,虽然启动成功了,但是却访问不了 Nginx 的主页,那很大可能是服务器的端口没有开启,导致访问请求被拒绝,所以需要适当开启必要的端口【如果没有安装防火墙工具 firewall 请自行安装】。</p><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line"># 查看已经开启的端口 </span><br><span class="line">firewall-cmd --list-ports</span><br><span class="line"># 开启端口 80</span><br><span class="line">firewall-cmd --permanent --zone=public --add-port=80/tcp</span><br><span class="line"># 开启端口 443</span><br><span class="line">firewall-cmd --permanent --zone=public --add-port=443/tcp</span><br><span class="line"># 重载更新的端口信息 </span><br><span class="line">firewall-cmd --reload</span><br><span class="line"># 这种方式可以,启动 Nginx</span><br><span class="line">service nginx start</span><br><span class="line"># 停止 Nginx</span><br><span class="line">service nginx stop</span><br><span class="line"># 如果需要重启,直接使用下面的更方便 </span><br><span class="line">nginx -s reload</span><br></pre></td></tr></table></figure><p>大家看一下我的服务器的端口开启信息:<br><img src="https://raw.githubusercontent.com/iplaypi/img-playpi/master/img/old/b7f2e3a3gy1g0tjc9ygu2j20bo02s0sl.jpg" alt="服务器端口开启情况" title="服务器端口开启情况"></p><h1 id="验证站点"><a href="# 验证站点" class="headerlink" title="验证站点"></a>验证站点</h1><p>打开站点 <a href="https://blog.playpi.org" target="_blank" rel="noopener">https://blog.playpi.org</a> ,可以愉快地访问了,可以看到 https 链接的绿锁。<br><img src="https://raw.githubusercontent.com/iplaypi/img-playpi/master/img/old/b7f2e3a3gy1g0tjcrc2zbj21hk0s6n10.jpg" alt="安全的站点主页" title="安全的站点主页"></p><p>接着查看一下 SSL 证书的信息。<br><img src="https://raw.githubusercontent.com/iplaypi/img-playpi/master/img/old/b7f2e3a3gy1g0tjd5kowxj20d60i90t0.jpg" alt="查看 SSL 证书信息" title="查看 SSL 证书信息"></p><h1 id="题外话"><a href="# 题外话" class="headerlink" title="题外话"></a>题外话</h1><h2 id="重定向问题思考"><a href="# 重定向问题思考" class="headerlink" title="重定向问题思考"></a> 重定向问题思考</h2><p>关于开启 https 的访问,我一开始也配置了 www 的二级域名,但是通过日志发现没有通过 301 重定向访问 <a href="https://www.playpi.org">https://www.playpi.org</a> 的请求,一直不明白原因。后来发现,因为做重定向的时候还是重定向到 GitHub 上面了。同理,如果使用 ip 直接访问,可以观察到自动跳转到 <a href="https://www.playpi.org">https://www.playpi.org</a> 了,查看证书还是 GitHub 的证书。所以后来直接把百度爬虫的请求转发到 blog 的二级域名还是明智的【www 的二级域名就不用自己再搞一套了】,否则百度爬虫还是抓取不到。如果百度爬虫直接使用 https 链接抓取还是可以的,但是看百度站长里面的说明,是通过 http 的 301 重定向抓取的。</p><h2 id="Nginx- 的 -https- 模块安装"><a href="#Nginx- 的 -https- 模块安装" class="headerlink" title="Nginx 的 https 模块安装"></a>Nginx 的 https 模块安装</h2><p>由于我使用的是简单小白的安装方式,不需要关心额外用到的模块,例如 http_ssl 模块,因为安装包里面自带了这个模块,可以使用 <strong>nginx -V</strong> 命令查看。<br><img src="https://raw.githubusercontent.com/iplaypi/img-playpi/master/img/old/b7f2e3a3gy1g0uj2a8vf6j21gm08smxy.jpg" alt="http_ssl 模块查看" title="http_ssl 模块查看"></p><p>因此,如果大家有使用源码编译安装的方式,注意 https 模块不能缺失,否则不能开启 https 的方式。</p></div><div><div id="wechat_subscriber" style="display:block;padding:10px 0;margin:20px auto;width:100%;text-align:center"><img id="wechat_subscriber_qcode" src="/images/wechat-qr-personal.jpg" alt="虾丸派 wechat" style="width:200px;max-width:100%"><div>扫一扫添加博主,进技术交流群,共同学习进步</div></div></div><div><div style="padding:10px 0;margin:20px auto;width:90%;text-align:center"><div>永不止步</div><button id="rewardButton" disable="enable" onclick='var qr=document.getElementById("QR");"none"===qr.style.display?qr.style.display="block":qr.style.display="none"'><span>打赏</span></button><div id="QR" style="display:none"><div id="wechat" style="display:inline-block"><img id="wechat_qr" src="/images/wechat-pay-playpi.png" alt="虾丸派 微信支付"><p>微信支付</p></div></div></div></div><div><ul class="post-copyright"><li class="post-copyright-author"><strong>本文作者:</strong> 虾丸派</li><li class="post-copyright-link"><strong>本文链接:</strong> <a href="https://www.playpi.org/2019030501.html" title="Nginx 配置 SSL 证书实现 HTTPS 访问">https://www.playpi.org/2019030501.html</a></li><li class="post-copyright-license"><strong>版权声明: </strong>本博客所有文章除特别声明外,均采用 <a href="https://creativecommons.org/licenses/by-nc-sa/3.0/" rel="external nofollow" target="_blank">CC BY-NC-SA 3.0</a> 许可协议。转载请注明出处!</li></ul></div><footer class="post-footer"><div class="post-tags"><a href="/tags/Nginx/" rel="tag"><i class="fa fa-tag"></i> Nginx</a> <a href="/tags/https/" rel="tag"><i class="fa fa-tag"></i> https</a> <a href="/tags/ssl/" rel="tag"><i class="fa fa-tag"></i> ssl</a> <a href="/tags/certificate-chn/" rel="tag"><i class="fa fa-tag"></i> 证书</a></div><div class="post-nav"><div class="post-nav-next post-nav-item"><a href="/2019030401.html" rel="next" title="利用阿里云申请免费的 SSL 证书"><i class="fa fa-chevron-left"></i> 利用阿里云申请免费的 SSL 证书</a></div><span class="post-nav-divider"></span><div class="post-nav-prev post-nav-item"><a href="/2019030601.html" rel="prev" title="使用 Github 的 WebHooks 实现代码自动更新">使用 Github 的 WebHooks 实现代码自动更新 <i class="fa fa-chevron-right"></i></a></div></div></footer></div></article><div class="post-spread"></div></div></div><div class="comments" id="comments"><div id="vcomments"></div></div></div><div class="sidebar-toggle"><div class="sidebar-toggle-line-wrap"><span class="sidebar-toggle-line sidebar-toggle-line-first"></span> <span class="sidebar-toggle-line sidebar-toggle-line-middle"></span> <span class="sidebar-toggle-line sidebar-toggle-line-last"></span></div></div><aside id="sidebar" class="sidebar"><div class="sidebar-inner"><ul class="sidebar-nav motion-element"><li class="sidebar-nav-toc sidebar-nav-active" data-target="post-toc-wrap">文章目录</li><li class="sidebar-nav-overview" data-target="site-overview-wrap">站点概览</li></ul><section class="site-overview-wrap sidebar-panel"><div class="site-overview"><div class="site-author motion-element" itemprop="author" itemscope itemtype="http://schema.org/Person"><img class="site-author-image" itemprop="image" src="/images/favicon-1536x1536-playpi.png" alt="虾丸派"><p class="site-author-name" itemprop="name">虾丸派</p><p class="site-description motion-element" itemprop="description">记录知识 | 分享技术</p></div><nav class="site-state motion-element"><div class="site-state-item site-state-posts"><a href="/archives/"><span class="site-state-item-count">144</span> <span class="site-state-item-name">日志</span></a></div><div class="site-state-item site-state-categories"><a href="/categories/index.html"><span class="site-state-item-count">13</span> <span class="site-state-item-name">分类</span></a></div><div class="site-state-item site-state-tags"><a href="/tags/index.html"><span class="site-state-item-count">294</span> <span class="site-state-item-name">标签</span></a></div></nav><div class="feed-link motion-element"><a href="/atom.xml" rel="alternate"><i class="fa fa-rss"></i> RSS</a></div><div class="links-of-author motion-element"><span class="links-of-author-item"><a href="https://github.com/iplaypi" target="_blank" title="GitHub"><i class="fa fa-fw fa-github"></i>GitHub</a> </span><span class="links-of-author-item"><a href="https://weibo.com/u/3086148515" target="_blank" title="微博"><i class="fa fa-fw fa-weibo"></i>微博</a> </span><span class="links-of-author-item"><a href="mailto:playpi@qq.com" target="_blank" title="E-Mail"><i class="fa fa-fw fa-envelope"></i>E-Mail</a></span></div><div class="cc-license motion-element" itemprop="license"><a href="https://creativecommons.org/licenses/by-nc-sa/4.0/" class="cc-opacity" target="_blank" rel="external nofollow"><img src="/images/cc-by-nc-sa.svg" alt="Creative Commons"></a></div><div class="links-of-blogroll motion-element links-of-blogroll-inline"><div class="links-of-blogroll-title"><i class="fa fa-fw fa-link"></i> 友情链接</div><ul class="links-of-blogroll-list"><li class="links-of-blogroll-item"><a href="https://github.com/iplaypi" title="GitHub" target="_blank" rel="external nofollow">GitHub</a></li><li class="links-of-blogroll-item"><a href="https://weibo.com/u/3086148515" title="Weibo" target="_blank" rel="external nofollow">Weibo</a></li><li class="links-of-blogroll-item"><a href="https://www.playpi.org" title="虾丸派" target="_blank" rel="external nofollow">虾丸派</a></li><li class="links-of-blogroll-item"><a href="https://www.playpi.org" title="playpi" target="_blank" rel="external nofollow">playpi</a></li><li class="links-of-blogroll-item"><a href="https://www.liaoxuefeng.com" title="廖雪峰" target="_blank" rel="external nofollow">廖雪峰</a></li><li class="links-of-blogroll-item"><a href="http://www.ruanyifeng.com" title="阮一峰" target="_blank" rel="external nofollow">阮一峰</a></li><li class="links-of-blogroll-item"><a href="https://travis-ci.org/iplaypi/iplaypi.github.io" title="travis-ci" target="_blank" rel="external nofollow">travis-ci</a></li><li class="links-of-blogroll-item"><a href="https://www.vultr.com/?ref=7861302-4F" title="Vultr" target="_blank" rel="external nofollow">Vultr</a></li></ul></div></div></section><section class="post-toc-wrap motion-element sidebar-panel sidebar-panel-active"><div class="post-toc"><div class="post-toc-content"><ol class="nav"><li class="nav-item nav-level-1"><a class="nav-link" href="#安装 -Nginx"><span class="nav-number">1.</span> <span class="nav-text">安装 Nginx</span></a><ol class="nav-child"><li class="nav-item nav-level-2"><a class="nav-link" href="#创建源配置文件"><span class="nav-number">1.1.</span> <span class="nav-text">创建源配置文件</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#自动安装 -Nginx"><span class="nav-number">1.2.</span> <span class="nav-text">自动安装 Nginx</span></a></li></ol></li><li class="nav-item nav-level-1"><a class="nav-link" href="#获取 -SSL- 证书、配置参数"><span class="nav-number">2.</span> <span class="nav-text">获取 SSL 证书、配置参数</span></a><ol class="nav-child"><li class="nav-item nav-level-2"><a class="nav-link" href="#SSL- 证书获取"><span class="nav-number">2.1.</span> <span class="nav-text">SSL 证书获取</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#Nginx- 参数配置"><span class="nav-number">2.2.</span> <span class="nav-text">Nginx 参数配置</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#验证参数是否准确"><span class="nav-number">2.3.</span> <span class="nav-text">验证参数是否准确</span></a></li></ol></li><li class="nav-item nav-level-1"><a class="nav-link" href="#开启端口、启动 -Nginx"><span class="nav-number">3.</span> <span class="nav-text">开启端口、启动 Nginx</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#验证站点"><span class="nav-number">4.</span> <span class="nav-text">验证站点</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#题外话"><span class="nav-number">5.</span> <span class="nav-text">题外话</span></a><ol class="nav-child"><li class="nav-item nav-level-2"><a class="nav-link" href="#重定向问题思考"><span class="nav-number">5.1.</span> <span class="nav-text">重定向问题思考</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#Nginx- 的 -https- 模块安装"><span class="nav-number">5.2.</span> <span class="nav-text">Nginx 的 https 模块安装</span></a></li></ol></li></ol></div></div></section></div></aside></div></main><footer id="footer" class="footer"><div class="footer-inner"><div class="copyright">© 2016–<span itemprop="copyrightYear">2021</span> <span class="post-meta-divider">|</span> <span class="with-love"><i class="fa fa-heart"></i> </span><span class="author" itemprop="copyrightHolder">虾丸派</span> <span class="post-meta-divider">|</span> <span class="post-meta-item-icon"><i class="fa fa-area-chart"></i> </span><span class="post-meta-item-text">全站字数统计</span> <span title="全站字数统计">326.3k 字</span></div><div class="powered-by">由 <a class="theme-link" target="_blank" href="https://hexo.io" rel="external nofollow">Hexo</a> 强力驱动</div><span class="post-meta-divider">|</span><div class="theme-info">主题 <a class="theme-link" target="_blank" href="https://github.com/iissnan/hexo-theme-next" rel="external nofollow">NexT.Mist</a><script async src="//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script><span id="busuanzi_container_site_pv" style="display:none"><span class="post-meta-divider">|</span> 总访问量 <span id="busuanzi_value_site_pv"></span> 次 </span><span id="busuanzi_container_site_uv" style="display:none"><span class="post-meta-divider">|</span> 总访客 <span id="busuanzi_value_site_uv"></span> 人</span></div><div class="busuanzi-count"><script async src="https://dn-lbstatics.qbox.me/busuanzi/2.3/busuanzi.pure.mini.js"></script></div></div></footer><div class="back-to-top"><i class="fa fa-arrow-up"></i> <span id="scrollpercent"><span>0</span>%</span></div></div><script type="text/javascript">"[object Function]"!==Object.prototype.toString.call(window.Promise)&&(window.Promise=null)</script><script type="text/javascript" src="/lib/jquery/index.js?v=2.1.3"></script><script type="text/javascript" src="/lib/fastclick/lib/fastclick.min.js?v=1.0.6"></script><script type="text/javascript" src="/lib/jquery_lazyload/jquery.lazyload.js?v=1.9.7"></script><script type="text/javascript" src="/lib/velocity/velocity.min.js?v=1.2.1"></script><script type="text/javascript" src="/lib/velocity/velocity.ui.min.js?v=1.2.1"></script><script type="text/javascript" src="/lib/fancybox/source/jquery.fancybox.pack.js?v=2.1.5"></script><script type="text/javascript" src="/js/src/utils.js?v=5.1.3"></script><script type="text/javascript" src="/js/src/motion.js?v=5.1.3"></script><script type="text/javascript" src="/js/src/scrollspy.js?v=5.1.3"></script><script type="text/javascript" src="/js/src/post-details.js?v=5.1.3"></script><script type="text/javascript" src="/js/src/bootstrap.js?v=5.1.3"></script><script src="//unpkg.com/valine@1.3.7/dist/Valine.min.js"></script><script type="text/javascript">new Valine({av:AV,el:"#comments",verify:!1,notify:!1,app_id:"FC5Jijeg1meo2K2OzPYWK327-gzGzoHsz",app_key:"6A1ReY8tjhPutK00F01YbJSq",placeholder:"没有问题吗?"})</script><script type="text/javascript">var isfetched=!1,isXml=!0,search_path="search.xml";0===search_path.length?search_path="search.xml":/json$/i.test(search_path)&&(isXml=!1);var path="/"+search_path,onPopupClose=function(t){$(".popup").hide(),$("#local-search-input").val(""),$(".search-result-list").remove(),$("#no-result").remove(),$(".local-search-pop-overlay").remove(),$("body").css("overflow","")};function proceedsearch(){$("body").append('<div class="search-popup-overlay local-search-pop-overlay"></div>').css("overflow","hidden"),$(".search-popup-overlay").click(onPopupClose),$(".popup").toggle();var t=$("#local-search-input");t.attr("autocapitalize","none"),t.attr("autocorrect","off"),t.focus()}var searchFunc=function(t,e,s){"use strict";$("body").append('<div class="search-popup-overlay local-search-pop-overlay"><div id="search-loading-icon"><i class="fa fa-spinner fa-pulse fa-5x fa-fw"></i></div></div>').css("overflow","hidden"),$("#search-loading-icon").css("margin","20% auto 0 auto").css("text-align","center"),$.ajax({url:t,dataType:isXml?"xml":"json",async:!0,success:function(t){isfetched=!0,$(".popup").detach().appendTo(".header-inner");var o=isXml?$("entry",t).map(function(){return{title:$("title",this).text(),content:$("content",this).text(),url:$("url",this).text()}}).get():t,n=document.getElementById(e),r=document.getElementById(s),t=function(){var m=n.value.trim().toLowerCase(),x=m.split(/[\s\-]+/);1<x.length&&x.push(m);var e,w=[];0<m.length&&o.forEach(function(t){var e=!1,o=0,h=0,n=t.title.trim(),r=n.toLowerCase(),s=t.content.trim().replace(/<[^>]+>/g,""),a=s.toLowerCase(),i=decodeURIComponent(t.url),c=[],l=[];if(""!=n&&(x.forEach(function(t){function e(t,e,o){var n=t.length;if(0===n)return[];var r,s=0,a=[];for(o||(e=e.toLowerCase(),t=t.toLowerCase());-1<(r=e.indexOf(t,s));)a.push({position:r,word:t}),s=r+n;return a}c=c.concat(e(t,r,!1)),l=l.concat(e(t,a,!1))}),(0<c.length||0<l.length)&&(e=!0,o=c.length+l.length)),e){function p(t,e,o,n){for(var r=n[n.length-1],s=r.position,a=r.word,i=[],c=0;s+a.length<=o&&0!=n.length;){a===m&&c++,i.push({position:s,length:a.length});var l=s+a.length;for(n.pop();0!=n.length&&(s=(r=n[n.length-1]).position,a=r.word,s<l);)n.pop()}return h+=c,{hits:i,start:e,end:o,searchTextCount:c}}[c,l].forEach(function(t){t.sort(function(t,e){return e.position!==t.position?e.position-t.position:t.word.length-e.word.length})});t=[];0!=c.length&&t.push(p(0,0,n.length,c));for(var u=[];0!=l.length;){var f=l[l.length-1],d=f.position,g=f.word,v=d-20,f=d+80;v<0&&(v=0),(f=f<d+g.length?d+g.length:f)>s.length&&(f=s.length),u.push(p(0,v,f,l))}u.sort(function(t,e){return t.searchTextCount!==e.searchTextCount?e.searchTextCount-t.searchTextCount:t.hits.length!==e.hits.length?e.hits.length-t.hits.length:t.start-e.start});e=parseInt("1");function $(o,t){var n="",r=t.start;return t.hits.forEach(function(t){n+=o.substring(r,t.position);var e=t.position+t.length;n+='<b class="search-keyword">'+o.substring(t.position,e)+"</b>",r=e}),n+=o.substring(r,t.end)}0<=e&&(u=u.slice(0,e));var C="";0!=t.length?C+="<li><a href='"+i+"' class='search-result-title'>"+$(n,t[0])+"</a>":C+="<li><a href='"+i+"' class='search-result-title'>"+n+"</a>",u.forEach(function(t){C+="<a href='"+i+'\'><p class="search-result">'+$(s,t)+"...</p></a>"}),C+="</li>",w.push({item:C,searchTextCount:h,hitCount:o,id:w.length})}}),1===x.length&&""===x[0]?r.innerHTML='<div id="no-result"><i class="fa fa-search fa-5x" /></div>':0===w.length?r.innerHTML='<div id="no-result"><i class="fa fa-frown-o fa-5x" /></div>':(w.sort(function(t,e){return t.searchTextCount!==e.searchTextCount?e.searchTextCount-t.searchTextCount:t.hitCount!==e.hitCount?e.hitCount-t.hitCount:e.id-t.id}),e='<ul class="search-result-list">',w.forEach(function(t){e+=t.item}),e+="</ul>",r.innerHTML=e)};n.addEventListener("input",t),$(".local-search-pop-overlay").remove(),$("body").css("overflow",""),proceedsearch()}})};$(".popup-trigger").click(function(t){t.stopPropagation(),!1===isfetched?searchFunc(path,"local-search-input","local-search-result"):proceedsearch()}),$(".popup-btn-close").click(onPopupClose),$(".popup").click(function(t){t.stopPropagation()}),$(document).on("keyup",function(t){27===t.which&&$(".search-popup").is(":visible")&&onPopupClose()})</script><script>!function(){var t=document.createElement("script"),e=window.location.protocol.split(":")[0];t.src="https"===e?"https://zz.bdstatic.com/linksubmit/push.js":"http://push.zhanzhang.baidu.com/push.js";e=document.getElementsByTagName("script")[0];e.parentNode.insertBefore(t,e)}()</script><script type="text/javascript" src="/js/src/js.cookie.js?v=5.1.3"></script><script type="text/javascript" src="/js/src/scroll-cookie.js?v=5.1.3"></script><script src="/live2dw/lib/L2Dwidget.min.js?094cbace49a39548bed64abff5988b05"></script><script>L2Dwidget.init({pluginRootPath:"live2dw/",pluginJsPath:"lib/",pluginModelPath:"assets/",tagMode:!1,debug:!1,model:{scale:1,jsonPath:"/live2dw/assets/hijiki.model.json"},display:{position:"left",width:100,height:200,hOffset:0,vOffset:-20},mobile:{show:!1,motion:!0,scale:.3},log:!1})</script></body></html>