准备:
ssl zip 证书有4个证书,https 我们需要域名_com.crt 这个
还有一个 域名.com_key.txt 这个文件
步骤:
1.首先生成pem文件 这个是由以上2个文件生成的 RSA 非对称加密
https://www.myssl.cn/tools/check-crtkey.html
选择这个网站的pem 生成
2.将域名.com_key.txt 这个文件 修改为 域名_com.key
3.将前俩个文件和 域名_com.crt 放在目录 ssl
4.把 ssl 放在/etc/nginx/ssl
5.配置/etc/nginx/conf.d/
# the upstream component nginx needs to connect to
upstream django {
# server unix:///path/to/your/mysite/mysite.sock; # for a file socket
server 127.0.0.1:8001; # for a web port socket (we'll use this first)
}
# configuration of the server
server {
# the port your site will be served on
listen 80;
# the domain name it will serve for
server_name 域名; # substitute your machine's IP address or FQDN
charset utf-8;
return 301 https://www.域名.com$request_uri;
# max upload size
client_max_body_size 75M; # adjust to taste
# Django media
location /media {
alias ; # 指向django的media目录
}
location /static {
alias ; # 指向django的static目录
}
# Finally, send all non-media requests to the Django server.
location / {
uwsgi_pass django;
include uwsgi_params; # the uwsgi_params file you installed
}
}
server {
listen 443; #这里需要443 为https 默认的端口
access_log /root/log.txt; # Nginx日志配置
server_name 域名; #这里是你的域名
ssl on;
root html;
index index.html index.htm;
ssl_certificate /etc/nginx/ssl/域名_com.pem; #你的pem 前面的目录可以自己随便建立
ssl_certificate_key /etc/nginx/ssl/域名_com.key; #你的key 前面的目录可以自己随便建立
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
root /root/source/Jue;
include uwsgi_params; # 导入一个Nginx模块他是用来和uWSGI进行通讯的
uwsgi_connect_timeout 30; # 设置连接uWSGI超时时间
uwsgi_pass django; # 指定uwsgi的sock文件所有动态请求就会直接丢给他
}
# Django media
location /media {
alias ; # 指向django的media目录
}
location /static {
alias; # 指向django的static目录
}
}
网友评论