在AWS Lightsail上给hexo blog配置HTTPS
申请免费SSL证书
免费证书渠道:
- 如果是万网的域名,可以使用阿里云的免费SSL证书
- 如果不是万网的域名,可以考虑Let’s Encrypt
我的域名是万网注册的,因此直接使用阿里云提供的免费SSL证书
配置SSL证书
lightsail证书配置
万网证书下载后,选择其中适用于nginx的版本,将对应的.key和.pem文件传到lightsail instance中。1
2
3
4
5
6
7# 建立cert目录
sudo mkdir -p /etc/nginx/cert
# 上传证书, 可以scp也可以直接vim拷贝写入 (此处命名为www.jibing57.com.pem和www.jibing57.com.key)
sudo vim /etc/nginx/cert/www.jibing57.com.key
sudo vim /etc/nginx/cert/www.jibing57.com.pem修改配置nginx
修改nginx配置, 支持SSL,并配置http请求redirect到https。1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32$ cat hexo.conf
server {
listen 80;
server_name www.jibing57.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name www.jibing57.com;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
keepalive_timeout 70;
ssl_certificate cert/www.jibing57.com.pem;
ssl_certificate_key cert/www.jibing57.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
# gzip
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
root /opt/app/web/hexo;
}重启nginx
1
2
3
4
5# 检查配置是否正确
sudo service nginx configtest
# 重启nginx
sudo service nginx restart试验
访问https://www.jibing57.com成功。