Nginx配置ssl证书无法访问的问题
Contents
nginx配置了SSL证书,但是http能访问,https不行
检查443端口是否已经开放
- 腾讯云和阿里云的安全策略组里面放行端口
80
和443
- 防火墙端口放开。通过SSH登录到服务器(centos为例)
- centos通过
firewall-cmd --list-all
查看是否开放了443端口 - 若没有,运行
firewall-cmd --zone=public --add-port=443/tcp --permanent
systemctl restart firewalld
重启防火墙生效
- centos通过
检查证书是否配置正确
server {
listen 443 ssl;
server_name your domain;
client_max_body_size 1024m;
ssl_certificate /www/server/nginx/conf/cert/555.pem;
ssl_certificate_key /www/server/nginx/conf/cert/555.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
}
强制http跳转到https,提示重定向过多
你使用了rewrite
,并且在一个server里面同时监听了80
和443
解决方法:80
和443
分别拆分到不同的server
,80里面做301重定向,下面是配置文件,仅供参考。
upstream halo {
server 127.0.0.1:8090;
}
server {
listen 80;
return 301 https://yourdomain$request_uri;
}
server {
listen 443 ssl;
server_name yourdomain;
client_max_body_size 1024m;
#charset koi8-r;
ssl_certificate /www/server/nginx/conf/cert/xxx.pem;
ssl_certificate_key /www/server/nginx/conf/cert/xxx.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
#access_log logs/host.access.log main;
location / {
proxy_pass http://halo;
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}