#####首先要激活在namecheap上购买的ssl服务
- 生成SSL证书获取CSR
bash openssl req -new -key yourdomain.pem -out yourdomain.csr
, 然后按照提示输入信息即可 - 执行cat yourdomain.csr 内容大概如下
-----BEGIN CERTIFICATE REQUEST----- MIICxDCCAawCAQAwfzELMAkGA1UEBhMCQ04xEDAOBgNVBAgMB0JlaWppbmcxEDAO BgNVBAcMB0JlaWppbmcxDjAMBgNVBAoMBUJpZ2ZhMRcwFQYDVQQDDA55b3VyZG9t YWluLmNvbTEjMCEGCSqGSIb3DQEJARYUYWRtaW5AeW91cmRvbWFpbi5jb20wggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9fsxThwLzCd54s2GMUcjlleCj LTf9bYGQyIjn+6z7kJbDbcrkbZxMysfRnFLa6u5oK7S9PQfGHK/gZeHfSLXbD/GL wi171tZpnQHjfLjMbHEUEUCFQD7ueek/v3/Tr+T0+em1gQt/93K2dqv7Cx+bupwc zNkQmqNgqslC4sdKQZjLUIHYLr/j8lQQLOOn9/PiuNOGCTaK5g9TA20oVCjpJZuf 1eN7jYUOtvy4IGhq4BkNJHHmg32cxH9mZOgmhohq+pbmi0PP8E2OFTzpyZ6OcFtW IcSRq3UpjPw8EYfEg4lDC0Xee2Yom7Is8yBWAPcNKxpvFphlHirHOF6xifRzAgMB AAGgADANBgkqhkiG9w0BAQUFAAOCAQEAN9OnT8J1VnO74bXbJS9ub7DGf94klpoy YQWePKelnImU1Zszdg3jYtKWZVcNYhM5QfZ16CDKwYEQeQkgy1xSBKkwpY24ICe+ iX1sczvBY/gUq+xNArL5La7/Tow3KrJZJuFc1iVESBG0wU8zu9ZcnwbuRj0Dn8qj fMqwwct+0Xz2zXxiqtVCPNQXqa/YRANGnFnBBPErBnaL/j439s4TBasSiIyb7TE+ Ku9LrfecL5w8+05NFPcG1ArpbQJDuJIIAk1itTMLEMGqUYWD6MYcksH4FcTr70Vw f8Ag9+Csyf5aQxQVgNDCgc3zwHTg0Bpbldx8+HiCiDXjaK4qAXKBRQ== -----END CERTIFICATE REQUEST-----
- 将上面内容填入namecheap上, 通过验证后即可获得来自ssl服务商发来的证书
我们这里使用的是nginx + puma
server {
listen 443 ssl spdy;
server_name example.com;
ssl_certificate /etc/ssl/example.com-unified.crt;
ssl_certificate_key /etc/ssl/example.com.pem;
root /var/www/example.com/current/public;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_redirect off;
if (-f $request_filename) {
break;
}
proxy_pass http://puma;
}
##相关参考文章