Configuring HTTPS for an Nginx Domain on CentOS 7

Configuring Nginx with HTTPS on CentOS 7 involves similar steps to the ones for Ubuntu, but with some variations in package management and service control. Here's a step-by-step guide for CentOS 7:

Prerequisites

  1. Domain Name: "www.xxx.com"
  2. Nginx Installed: Ensure Nginx is installed.
  3. Domain DNS: Domain should point to your server's IP address.
  4. Root Privileges: You should have root or sudo privileges.

Step-by-Step Guide

1. Install Nginx

If Nginx is not already installed, you can install it using the following commands:

sudo yum install epel-release
sudo yum install nginx

Start and enable Nginx to start on boot:

sudo systemctl start nginx
sudo systemctl enable nginx

2. Configure Firewall

Allow HTTP and HTTPS traffic through your firewall. Both are opened because port 80 serves the redirect to HTTPS configured in step 5:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

3. Obtain SSL Certificate

Install Certbot and the Nginx plugin:

sudo yum install certbot python2-certbot-nginx

4. Request SSL Certificate

Run Certbot to obtain and install the SSL certificate:

sudo certbot --nginx -d www.xxx.com

Follow the prompts to complete the process. Certbot will automatically configure Nginx to use the SSL certificate.

5. Verify Nginx Configuration

Open your Nginx configuration file to verify or manually configure the SSL settings:

sudo vim /etc/nginx/conf.d/www.xxx.com.conf

Ensure your server block looks like this:

server {
    listen 80;
    listen [::]:80;
    server_name www.xxx.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.xxx.com;

    ssl_certificate /etc/letsencrypt/live/www.xxx.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.xxx.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    root /usr/share/nginx/html;
    index index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }
}

6. Test Nginx Configuration

Test your configuration to ensure there are no syntax errors:

sudo nginx -t
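
nginx -t validates syntax only, so it passes a config whose port 80 block still serves content instead of redirecting. The shell function below is an added example, not part of the original guide, that lints a config file for the layout shown in step 5; the name check_https_conf, its messages and the sample config are constructed for illustration, and it assumes each "server {" opens on a single line.

```sh
# Added example, not from the original page. Prints one line per problem;
# exit status 0 means none. Assumes "server {" opens a block on one line.
check_https_conf() {   # usage: check_https_conf FILE DOMAIN
    awk -v domain="$2" '
    function flush_block() {
        if (!named) return
        if (plain) { seen80 = 1
            if (!redirect) print "port 80 block does not redirect to https" }
        if (tls) { seen443 = 1
            if (!cert) print "443 block has no ssl_certificate"
            if (!key)  print "443 block has no ssl_certificate_key" }
    }
    { sub(/#.*/, "") }                        # strip comments
    /^[ \t]*server[ \t]*[{]/ && !in_srv {     # a server block starts
        in_srv = 1; depth = 0
        named = plain = tls = redirect = cert = key = 0
    }
    in_srv {
        if ($1 == "server_name") for (i = 2; i <= NF; i++) {
            n = $i; sub(/;$/, "", n); if (n == domain) named = 1 }
        if ($1 == "listen") { if ($0 ~ /[ \t]ssl[ \t;]/) tls = 1; else plain = 1 }
        if ($1 == "return" && $2 ~ /^30[1278]$/ && $3 ~ /^https:\/\//) redirect = 1
        if ($1 == "ssl_certificate") cert = 1
        if ($1 == "ssl_certificate_key") key = 1
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")   # track brace nesting
        if (depth == 0) { flush_block(); in_srv = 0 }
    }
    END {
        if (!seen80)  print "no port 80 block for " domain
        if (!seen443) print "no ssl listener for " domain
    }' "$1" | { ! grep . ; }   # show the findings; fail if there are any
}

# Constructed sample: port 80 serves content directly, 443 block has no key.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 80;
    server_name www.xxx.com;
}
server {
    listen 443 ssl;
    server_name www.xxx.com;
    ssl_certificate /etc/letsencrypt/live/www.xxx.com/fullchain.pem;
}
EOF
check_https_conf "$sample" www.xxx.com || echo "config needs fixing"
rm -f "$sample"
```

To lint the file from step 5, call check_https_conf /etc/nginx/conf.d/www.xxx.com.conf www.xxx.com after defining the function.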

If nginx -t reports that the test is successful, reload Nginx:

sudo systemctl reload nginx

7. Set Up Automatic Certificate Renewal

Let's Encrypt certificates are valid for 90 days. Certbot can handle renewal automatically. To set up a cron job for automatic renewal, open the crontab editor:

sudo crontab -e

Add the following line to the crontab file:

0 0,12 * * * /usr/bin/certbot renew --quiet

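This runs the renewal command twice daily, at 00:00 and 12:00. Certbot only replaces certificates that are close to expiry, so most runs make no changes.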

Access Your Site

Now, you should be able to access your site securely at https://www.xxx.com.

Troubleshooting

If you encounter any issues, check the Nginx and Certbot logs for more information:

sudo tail -f /var/log/nginx/error.log
sudo tail -f /var/log/letsencrypt/letsencrypt.log

This setup ensures that your website is served over HTTPS, providing security and trust to your visitors.
