https證書設定以及設定301跳轉
1、在Nginx的安裝目錄下建立cert目錄,並且將下載的全部檔案拷貝到cert目錄中。
2、開啟 Nginx 安裝目錄下 conf 目錄中的 nginx.conf 檔案,找到:
HTTPS server server { listen 443; server_name localhost; ssl on; ssl_certificate cert.pem; ssl_certificate_key cert.key; ssl_session_timeout 5m; ssl_protocols SSLv2 SSLv3 TLSv1; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; ssl_prefer_server_ciphers on; location / { } }
3、將其修改為 (以下屬性中ssl開頭的屬性與證書配置有直接關係,其它屬性請結合自己的實際情況複製或調整) :
server { listen 443; server_name localhost; ssl on; root html; index index.html index.htm; ssl_certificate/usr/local/nginx/conf/cert/www.baidu.com.pem; ssl_certificate_key/usr/local/nginx/conf/cert/www.baidu.com.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { root html; index index.html index.htm; } }
4、設定301跳轉,實現http與https看起來像同一個網站
server { listen 80; server_namewww.baidu.com baidu.com; index index.html index.htm index.php default.html default.htm default.php; root /home/www/baidu; return 301 https://www.baidu.com$request_uri; }
5、啟用檔案壓縮
#-------gzip conf----- gzip on; gzip_min_length 1k; gzip_buffers 4 16k; #gzip_http_version 1.0; gzip_comp_level 6; gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png; gzip_vary off; gzip_disable "MSIE [1-6]\.";
基本只需要更改gzip_comp_level等級,1-9,等級越高壓縮率越高,但相應也越耗CPU資源,一般不會設定可以折中為6.
6、重啟nginx服務
./nginx -s reload systemctl nginx restart