nginx配置https
一、下载证书
1、直接去阿里云申请免费证书,也可以买SSL证书
2、将下载好的证书解压,上传到nginx目录cert文件夹下,如果没有cert文件夹,就新建一个
二、配置文件
server {
listen 443 ssl;
server_name www.example.com;#站点域名
access_log /usr/local/nginx/logs/access.log;#成功日志
error_log /usr/local/nginx/logs/error.log;#错误日志
ssl on;
#root /home/project/example;#站点目录
set $root /home/project/example;#设置站点目录
index index.html index.php index.htm;
ssl_certificate /usr/local/nginx/cert/3043812_www.example.com.pem;#证书目录
ssl_certificate_key /usr/local/nginx/cert/3043812_www.example.com.key;#证书目录
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
error_page 404 /404.html;
location = /404.html {
return 404 'Sorry, File not Found!';
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/local/nginx/html;
}
location ~ /.svn/ {
deny all;
}
location ~ .*\.(gif|jpg|jpeg|bmp|png|ico|txt|js|css)$
{
root $root;
}
location / {
root $root;
index index.html index.php;
try_files $uri $uri/ /index.php?s=$uri&$args;
if ( -f $request_filename) {
break;
}
if ( !-e $request_filename) {
rewrite ^(.*)$ /index.php/$1 last;
break;
}
}
location ~ .+\.php($|/) {
#Nginx和PHP-FPM的进程间通信有两种,下篇文章介绍两种方式
#fastcgi_pass 127.0.0.1:9000;
fastcgi_pass unix:/dev/shm/php-cgi.sock;
fastcgi_split_path_info ^((?U).+.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $root$fastcgi_script_name;
include fastcgi_params;#表示nginx会调用fastcgi这个接口
}
}
server{
listen 80;
server_name www.example.com;
#rewrite ^(.*)$ https://www.example.com$1 permanent;
rewrite ^(.*)$ https://$host$1 permanent;#301重定向
}