一,准备工作
- 证书秘钥,推荐 Freessl
- Nginx 服务器
二,修改配置文件
1,ssl 配置文件 ssl.conf
server {
listen 443 ssl;
server_name yourdomain.com;
# 项目路径
root /www/trunk;
# 配证书的pem|key文件地址
ssl_certificate /etc/cert/yoursignature.pem;
ssl_certificate_key /etc/cert/yoursignature.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
location / {
root /www/trunk;
index index.php index.html index.htm;
}
error_page 404 /404.html;
location = /404.html {
root /usr/share/nginx/html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
root /www/trunk;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /www/trunk$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
2,修改 nginx 默认配置 default.conf
server {
listen 80;
server_name yourdomain.com;
rewrite ^(.*)$ https://$host$1 permanent;
}
三,重启 Nginx
systemctl restart nginx.service
欢迎来到这里!
我们正在构建一个小众社区,大家在这里相互信任,以平等 • 自由 • 奔放的价值观进行分享交流。最终,希望大家能够找到与自己志同道合的伙伴,共同成长。
注册 关于