《运维》三、解析二级域名和配置https证书(运维4)
解析二级域名和配置https证书
一、解析二级域名(DNS 解析 DNSPod)
-
1、打开腾讯云/阿里云
-
2、找到 云解析 -> 域名解析列表 -> 点击要解析域名的解析操作
-
3、点击添加记录
比如原来主域名为mywebsite.com
,子域名名字填写abc
-
4、
ping abc.mywebsite.com
测试是否添加子域名成功
二、配置https证书
- 1、打开腾讯云/阿里云
- 2、找到 ssl证书 -> 证书管理 -> 申请免费证书
- 3、通用名字可写
abc.mywebsite.com
- 4、选中 自动DNS验证
- 5、下载ssl证书后放到云服务器上某个路径
- 6、
/etc/nginx/conf.d/
目录下新增一个nginx的conf
配置,如xxx.conf
配置中,开启ssl
并指定证书的路径// 完整配置 server { 5 listen 443 ssl; 6 server_name abc.mywebsite.com; 7 8 root /data/www/abc; 9 index index.php index.html index.htm; 10 11 access_log /var/log/nginx/access_it.log main; 12 13 ssl on; 14 ssl_certificate /abc/httpscer/Nginx/1_abc.mywebsite.com_bundle.crt; 15 ssl_certificate_key /envirsqy/httpscer/Nginx/2_abc.mywebsite.com.key; 16 ssl_session_timeout 5m; 17 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 18 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; 19 ssl_prefer_server_ciphers on; 20 21 22 location / { 23 24 try_files $uri $uri/ /index.php?$args; 25 26 if (!-e $request_filename) { 27 rewrite ^(.*)$ /index.php?s=$1 last; 28 break; 29 } 30 } 31 32 33 if (!-e $request_filename) { 34 rewrite "^/(.*)" /index.php?s=/$1 last; 35 break; 36 } 37 38 location ~ \.php$ { 39 40 fastcgi_pass 127.0.0.1:9000; 41 fastcgi_param PATH_INFO $fastcgi_path_info; 42 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 43 include fastcgi_params; 44 try_files $uri =404; 45 } 46 47 }