入门
免费私有化部署
免费在线使用(快速上手指引)
详细使用说明书(功能介绍) 📔
集成到您的网站、APP或公众号
部署 SSL(HTTPS) 证书
上传证书文件
将申请得到的证书文件,上传至服务器,例如:
/usr/local/nginx/cert/ssl.pem;
/usr/local/nginx/cert/ssl.key;
配置 Nginx
编辑 nginx 配置文件
vim /usr/local/nginx/conf/nginx.conf
主程序站点的配置,参考以下示例进行修改
map $http_upgrade $connection_upgrade { default upgrade; '' close; } upstream dotnet_server_proxy { server localhost:5000; keepalive 2000; } server{ listen 443 ssl; server_name kf-api.yourname.com; location / { proxy_pass http://dotnet_server_proxy; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection keep-alive; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; } ssl_certificate /usr/local/nginx/cert/ssl.pem; ssl_certificate_key /usr/local/nginx/cert/ssl.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; } server { listen 80; server_name kf-api.yourname.com; rewrite ^(.*)$ https://$host$1 permanent; }
静态资源站点的配置,参考以下示例进行修改。
server { listen 443 ssl; server_name kf-resource.yourname.com; location / { root /wwwroot/Resource; index v.html; } ssl_certificate /usr/local/nginx/cert/ssl.pem; ssl_certificate_key /usr/local/nginx/cert/ssl.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; } server { listen 80; server_name kf-resource.yourname.com; rewrite ^(.*)$ https://$host$1 permanent; }
管理后台与静态资源站点的配置方法一致,不再赘述。
重新加载 nginx 配置文件
cd /usr/local/nginx/sbin
./nginx -s reload