zoukankan      html  css  js  c++  java
  • SSL 证书配置nginx

    ssl.conf文件:

    server {
    listen 443;
    server_name www.domain.com; # 改为绑定证书的域名
    ssl on;
    ssl_certificate 1_www.domain.com_bundle.crt; # 改为自己申请得到的 crt 文件的名称
    ssl_certificate_key 2_www.domain.com.key; # 改为自己申请得到的 key 文件的名称
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    location / {
    root /usr/share/nginx/html; #站点目录
    index index.html index.htm;
    }
    }

    SSL实际配置,带rewrite,php-fpm

    server {
        listen       80;
        server_name  localhost;
        root   "/www/demo";
        index  index.html index.htm index.php;
    
    #重定向到
        rewrite ^(.*)  https://$host$1 permanent;
    }
    
    server {
        listen 443;
        server_name localhost;
        ssl on;
    
        root "/www/demo";
        index index.html index.htm;
    
        ssl_certificate   cert/214097075070201.pem;
        ssl_certificate_key  cert/214097075070201.key;
        ssl_session_timeout 5m;
    
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
    
    #url重写配置
        location / {
            try_files $uri @rewrite;
        client_max_body_size   30m;
        }
        location @rewrite {
            set $static 0;
            if  ($uri ~ .(css|js|jpg|jpeg|png|gif|ico|woff|eot|svg|css.map|min.map)$) {
                set $static 1;
            }
            if ($static = 0) {
                rewrite ^/(.*)$ /index.php?s=/$1;
            }
        }
        location ~ /Uploads/.*.php$ {
            deny all;
        }
        location ~ .php/ {
           if ($request_uri ~ ^(.+.php)(/.+?)($|?)) { }
           fastcgi_pass 127.0.0.1:9000;
           include fastcgi_params;
           fastcgi_param SCRIPT_NAME     $1;
           fastcgi_param PATH_INFO       $2;
           fastcgi_param SCRIPT_FILENAME $document_root$1;
        }
        location ~ .php$ {
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
        location ~ /.ht {
            deny  all;
        }
    }
  • 相关阅读:
    第十一次作业——LL(1)文法
    wechall前十题
    [V&N2020 公开赛]TimeTravel 复现
    CTFHub web技能树之RCE初步 命令注入+过滤cat
    算法第四章作业
    算法第四章上机实践报告
    算法第三章作业
    算法第三章上机实践报告
    算法--第二章作业
    算法第二章上机报告
  • 原文地址:https://www.cnblogs.com/beyang/p/7282195.html
Copyright © 2011-2022 走看看