CentOS7 配置Nginx域名HTTPS

Configuring Nginx with HTTPS on CentOS 7 involves similar steps to the ones for Ubuntu, but with some variations in package management and service control. Here's a step-by-step guide for CentOS 7:

Prerequisites

  1. Domain Name : "www.xxx.com"
  2. Nginx Installed: Ensure Nginx is installed.
  3. Domain DNS: Domain should point to your server's IP address.
  4. Root Privileges : You should have root or sudo privileges.

Step-by-Step Guide

1. Install Nginx

If Nginx is not already installed, you can install it using the following commands:

sh 复制代码
sudo yum install epel-release
sudo yum install nginx

Start and enable Nginx to start on boot:

sh 复制代码
sudo systemctl start nginx
sudo systemctl enable nginx
2. Configure Firewall

Allow HTTPS traffic through your firewall:

sh 复制代码
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
3. Obtain SSL Certificate

Install Certbot and the Nginx plugin:

sh 复制代码
sudo yum install certbot python2-certbot-nginx
4. Request SSL Certificate

Run Certbot to obtain and install the SSL certificate:

sh 复制代码
sudo certbot --nginx -d www.xxx.com

Follow the prompts to complete the process. Certbot will automatically configure Nginx to use the SSL certificate.

5. Verify Nginx Configuration

Open your Nginx configuration file to verify or manually configure the SSL settings:

sh 复制代码
sudo vim /etc/nginx/conf.d/www.xxx.com.conf

Ensure your server block looks like this:

nginx 复制代码
server {
    listen 80;
    listen [::]:80;
    server_name www.xxx.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.xxx.com;

    ssl_certificate /etc/letsencrypt/live/www.xxx.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.xxx.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    root /usr/share/nginx/html;
    index index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }
}
6. Test Nginx Configuration

Test your configuration to ensure there are no syntax errors:

sh 复制代码
sudo nginx -t

If the test is successful, reload Nginx:

sh 复制代码
sudo systemctl reload nginx
7. Set Up Automatic Certificate Renewal

Let's Encrypt certificates are valid for 90 days. Certbot can handle renewal automatically. To set up a cron job for automatic renewal, open the crontab editor:

sh 复制代码
sudo crontab -e

Add the following line to the crontab file:

sh 复制代码
0 0,12 * * * /usr/bin/certbot renew --quiet

This runs the renewal command twice daily.

Access Your Site

Now, you should be able to access your site securely at https://www.xxx.com.

Troubleshooting

If you encounter any issues, check the Nginx and Certbot logs for more information:

sh 复制代码
sudo tail -f /var/log/nginx/error.log
sudo tail -f /var/log/letsencrypt/letsencrypt.log

This setup ensures that your website is served over HTTPS, providing security and trust to your visitors.

相关推荐
大耳朵土土垚2 小时前
【Linux】日志设计模式与实现
linux·运维·设计模式
学问小小谢2 小时前
第26节课:内容安全策略(CSP)—构建安全网页的防御盾
运维·服务器·前端·网络·学习·安全
yaoxin5211233 小时前
第十二章 I 开头的术语
运维·服务器
ProgramHan3 小时前
1992-2025年中国计算机发展状况:服务器、电脑端与移动端的演进
运维·服务器·电脑
马立杰7 小时前
H3CNE-33-BGP
运维·网络·h3cne
云空8 小时前
《DeepSeek 网页/API 性能异常(DeepSeek Web/API Degraded Performance):网络安全日志》
运维·人工智能·web安全·网络安全·开源·网络攻击模型·安全威胁分析
没有名字的小羊8 小时前
Cyber Security 101-Build Your Cyber Security Career-Security Principles(安全原则)
运维·网络·安全
千夜啊9 小时前
Nginx 运维开发高频面试题详解
运维·nginx·运维开发
存储服务专家StorageExpert10 小时前
答疑解惑:如何监控EMC unity存储系统磁盘重构rebuild进度
运维·unity·存储维护·emc存储
chian-ocean11 小时前
从理论到实践:Linux 进程替换与 exec 系列函数
linux·运维·服务器