腾讯云SSL配置感悟及注意点
腾讯云SSL配置感悟及注意点–持续更新
- 首先登录腾讯云获取对应域名的ssl证书;
- 下载证书,获得到一个证书(crt文件)和一个私钥(key文件);
- 将这两个文件复制到nginx配置目录下,也可以随便丢在一个文件夹,为了便于查找还是丢在nginx配置目录下;
-
修改nginx.conf文件,添加server块,参考如下:(摘自腾讯云)https://cloud.tencent.com/document/product/1207/47027
listen 443 ssl; server_tokens off; keepalive_timeout 5; root /usr/local/lighthouse/softwares/wordpress; index index.php index.html; access_log logs/wordpress.log combinediox; error_log logs/wordpress.error.log; server_name cloud.tencent.com; #填写您的证书绑定的域名,例如:cloud.tencent.com ssl_certificate 1_cloud.tencent.com_bundle.crt; #填写您的证书文件名称,例如:1_cloud.tencent.com_bundle.crt ssl_certificate_key 2_cloud.tencent.com.key; #填写您的私钥文件名称,例如:2_cloud.tencent.com.key ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # 可参考此 SSL 协议进行配置 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; #可按照此加密套件配置,写法遵循 openssl 标准 ssl_prefer_server_ciphers on; location ~* \.php$ { fastcgi_pass 127.0.0.1:9000; include fastcgi.conf; client_max_body_size 20m; fastcgi_connect_timeout 30s; fastcgi_send_timeout 30s; fastcgi_read_timeout 30s; fastcgi_intercept_errors on; } -
保存nginx.conf,重新生成docker容器,推到docker hub,云服务器重新拉取一下镜像,docker run -it –name xxx -p 80:80 -p 443:443 镜像名
版权声明:本文为barry-cbt原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。