ssl.conf文件:
server {
listen 443;
server_name www.domain.com; # 改为绑定证书的域名
ssl on;
ssl_certificate 1_www.domain.com_bundle.crt; # 改为自己申请得到的 crt 文件的名称
ssl_certificate_key 2_www.domain.com.key; # 改为自己申请得到的 key 文件的名称
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
root /usr/share/nginx/html; #站点目录
index index.html index.htm;
}
}
SSL实际配置,带rewrite,php-fpm
server { listen 80; server_name localhost; root "/www/demo"; index index.html index.htm index.php; #重定向到 rewrite ^(.*) https://$host$1 permanent; } server { listen 443; server_name localhost; ssl on; root "/www/demo"; index index.html index.htm; ssl_certificate cert/214097075070201.pem; ssl_certificate_key cert/214097075070201.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; #url重写配置 location / { try_files $uri @rewrite; client_max_body_size 30m; } location @rewrite { set $static 0; if ($uri ~ .(css|js|jpg|jpeg|png|gif|ico|woff|eot|svg|css.map|min.map)$) { set $static 1; } if ($static = 0) { rewrite ^/(.*)$ /index.php?s=/$1; } } location ~ /Uploads/.*.php$ { deny all; } location ~ .php/ { if ($request_uri ~ ^(.+.php)(/.+?)($|?)) { } fastcgi_pass 127.0.0.1:9000; include fastcgi_params; fastcgi_param SCRIPT_NAME $1; fastcgi_param PATH_INFO $2; fastcgi_param SCRIPT_FILENAME $document_root$1; } location ~ .php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } location ~ /.ht { deny all; } }