ssl.conf文件:
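# HTTPS virtual host that serves static files from the default nginx html directory.
server {
    # "listen ... ssl" replaces the standalone "ssl on;" directive, which was
    # deprecated in nginx 1.15.0 and removed in 1.25.1.
    listen 443 ssl;
    server_name www.domain.com;  # change to the domain name the certificate is bound to

    ssl_certificate     1_www.domain.com_bundle.crt;  # change to the name of the .crt file you were issued
    ssl_certificate_key 2_www.domain.com.key;         # change to the name of the .key file you were issued
    ssl_session_timeout 5m;

    # TLS 1.0 and 1.1 are formally deprecated (RFC 8996) and are no longer offered.
    # Drop TLSv1.3 from this line only if the installed nginx/OpenSSL build rejects it.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Cipher list applies to TLS 1.2 and below; anonymous, MD5, RC4 and DHE suites are excluded.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    location / {
        root /usr/share/nginx/html;  # site directory
        index index.html index.htm;
    }
}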
SSL实际配置,带rewrite,php-fpm
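# NOTE(review): the listing on the page lost every digit (ports, capture
# references, TLS minor versions, certificate file names). Values restored
# below are marked; confirm each one against the real deployment.

# Plain-HTTP virtual host: its only job is to send clients to HTTPS.
server {
    listen 80;  # restored: standard HTTP port
    server_name localhost;
    root "/www/demo";
    index index.html index.htm index.php;

    # Redirect every request to the HTTPS site, keeping path and query string.
    # $host is taken from the client's Host header; set server_name to the real
    # site name(s) so unexpected Host values do not land on this server block.
    return 301 https://$host$request_uri;
}

# HTTPS virtual host: static files, front-controller rewrite and php-fpm.
server {
    # "listen ... ssl" replaces "ssl on;", deprecated in nginx 1.15.0 and removed in 1.25.1.
    listen 443 ssl;  # restored: standard HTTPS port
    server_name localhost;
    root "/www/demo";
    index index.html index.htm;

    # Placeholders: the certificate file names were lost on the page.
    ssl_certificate     cert/YOUR_CERT.pem;
    ssl_certificate_key cert/YOUR_CERT.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # The page listed TLSv1 plus two truncated entries; TLS 1.0/1.1 are
    # deprecated (RFC 8996), so only 1.2 and 1.3 are offered here.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    # URL rewrite configuration: serve the file if it exists, otherwise fall
    # through to the front controller.
    location / {
        try_files $uri @rewrite;
        client_max_body_size 30m;
    }

    location @rewrite {
        # $static is 1 for static-asset extensions, 0 for everything else (values restored).
        set $static 0;
        if ($uri ~ \.(css|js|jpg|jpeg|png|gif|ico|woff|eot|svg|css\.map|min\.map)$) {
            set $static 1;
        }
        # Non-asset requests are routed to index.php with the original path in "s".
        if ($static = 0) {
            rewrite ^/(.*)$ /index.php?s=/$1;
        }
    }

    # Never hand anything under the upload directory to PHP. The pattern also
    # covers PATH_INFO-style URIs (".php/..."), which the original "\.php$"
    # form did not match. This block must stay above the PHP locations below:
    # regex locations are tried in order of appearance.
    location ~ /Uploads/.*\.php(/|$) {
        deny all;
    }

    # PATH_INFO-style requests, e.g. /index.php/module/action.
    location ~ \.php/ {
        # The empty "if" exists only to populate $1 (script) and $2 (path info).
        # NOTE(review): $request_uri is the raw, un-normalized client URI;
        # fastcgi_split_path_info is the built-in alternative that works on the
        # normalized URI. Consider switching after testing.
        if ($request_uri ~ ^(.+\.php)(/.+?)($|\?)) { }
        fastcgi_pass 127.0.0.1:9000;  # port lost on the page; 9000 is the php-fpm default, confirm
        include fastcgi_params;
        fastcgi_param SCRIPT_NAME $1;                    # restored capture reference
        fastcgi_param PATH_INFO $2;                      # restored capture reference
        fastcgi_param SCRIPT_FILENAME $document_root$1;  # restored capture reference
    }

    location ~ \.php$ {
        # Only pass scripts that actually exist on disk to php-fpm.
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;  # port lost on the page; 9000 is the php-fpm default, confirm
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # Block access to .htaccess/.htpasswd-style files.
    location ~ /\.ht {
        deny all;
    }
}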