nginx配置https
一、下载证书
1、直接去阿里云申请免费证书,也可以买SSL证书
2、将下载好的证书解压,上传到nginx目录cert文件夹下,如果没有cert文件夹,就新建一个
二、配置文件
server { listen 443 ssl; server_name www.example.com;#站点域名 access_log /usr/local/nginx/logs/access.log;#成功日志 error_log /usr/local/nginx/logs/error.log;#错误日志 ssl on; #root /home/project/example;#站点目录 set $root /home/project/example;#设置站点目录 index index.html index.php index.htm; ssl_certificate /usr/local/nginx/cert/3043812_www.example.com.pem;#证书目录 ssl_certificate_key /usr/local/nginx/cert/3043812_www.example.com.key;#证书目录 ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; error_page 404 /404.html; location = /404.html { return 404 'Sorry, File not Found!'; } error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/local/nginx/html; } location ~ /.svn/ { deny all; } location ~ .*\.(gif|jpg|jpeg|bmp|png|ico|txt|js|css)$ { root $root; } location / { root $root; index index.html index.php; try_files $uri $uri/ /index.php?s=$uri&$args; if ( -f $request_filename) { break; } if ( !-e $request_filename) { rewrite ^(.*)$ /index.php/$1 last; break; } } location ~ .+\.php($|/) { #Nginx和PHP-FPM的进程间通信有两种,下篇文章介绍两种方式 #fastcgi_pass 127.0.0.1:9000; fastcgi_pass unix:/dev/shm/php-cgi.sock; fastcgi_split_path_info ^((?U).+.php)(/?.+)$; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $root$fastcgi_script_name; include fastcgi_params;#表示nginx会调用fastcgi这个接口 } } server{ listen 80; server_name www.example.com; #rewrite ^(.*)$ https://www.example.com$1 permanent; rewrite ^(.*)$ https://$host$1 permanent;#301重定向 }