a服务器项目使用apache,tp3.2. 要apache支持https还得安装openssl模块,,刚好另一台b服务器上的nginx以前用过https代理
阿里云安全设置里端口80和443已开放
b服务器nginx代理 http跳转到https
阿里云域名里先添加域名解析 www和@ 指向nginx服务器所在ip
域名在阿里云,直接买免费的ssl证书,参考 https://www.cnblogs.com/tianhei/p/7726505.html
172.31.35.222是项目apache所在a服务器内网ip
vi /opt/server/nginx/conf/vhost/www.z.com.conf
server {
listen 80;
server_name www.z.com z.com;
return 301 https://www.z.com$request_uri;
}
server {
listen 443;
server_name z.com;
ssl on;
ssl_certificate /opt/server/nginx/conf/ca1/server.pem;
ssl_certificate_key /opt/server/nginx/conf/ca1/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
ssl_prefer_server_ciphers on;
return 301 https://www.z.com$request_uri;
}
server {
listen 443 ;
server_name www.z.com;
ssl on;
ssl_certificate /opt/server/nginx/conf/ca1/server.pem;
ssl_certificate_key /opt/server/nginx/conf/ca1/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
ssl_prefer_server_ciphers on;
access_log logs/www.z.com access ;
error_log logs/www.z.com_error.log;
client_max_body_size 10m;
# proxy_buffer_size 64k;
# proxy_buffers 8 5m;
# proxy_busy_buffers_size 5m;
location / {
index index.php;
proxy_pass http://172.31.35.222;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
阿里云的免费ssl证书只有一个域名, 又买了一个ssl证书域名是 api.z.com
阿里云域名里先添加域名解析 api 指向nginx服务器所在ip
vi /opt/server/nginx/conf/vhost/api.z.com.conf
server {
listen 80;
server_name api.z.com;
return 301 https://api.z.com$request_uri;
}
server {
listen 443 ;
server_name api.z.com;
ssl on;
ssl_certificate /opt/server/nginx/conf/ca1/apiserver.pem;
ssl_certificate_key /opt/server/nginx/conf/ca1/apiserver.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
ssl_prefer_server_ciphers on;
access_log logs/api.z.com access ;
error_log logs/api.z.com_error.log;
client_max_body_size 10m;
# proxy_buffer_size 64k;
# proxy_buffers 8 5m;
# proxy_busy_buffers_size 5m;
location / {
index index.php;
proxy_pass http://172.31.35.222;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
配置完后 /opt/server/nginx/sbin/nginx -s reload
以上nginx代理https已经好了,下面做thinkphp二级域名配置
参考 https://blog.csdn.net/h330531987/article/details/69663714
apache配置泛域名
vi /usr/local/apache/conf/vhost/z.com.conf
<VirtualHost *:80>
DocumentRoot /www/web/z/
ServerName z.com
ServerAlias *.z.com
CustomLog "/logs/www.z.com_access_log" combined
ErrorLog "/logs/www.z.com_error_log"
<IfModule mod_deflate.c>
DeflateCompressionLevel 7
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/x-httpd-php
AddOutputFilter DEFLATE css js html htm gif jpg png bmp php
</IfModule>
</VirtualHost>
<Directory /www/web/z/>
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
项目中添加二级域名配置
config.php中添加
'APP_SUB_DOMAIN_DEPLOY' => true, // 是否开启子域名部署
'APP_SUB_DOMAIN_RULES' => array(
'api' => 'Api'
),// 子域名部署规则
这样http://z.com http://www.z.com https://www.z.com https://z.com http://api.z.com https://api.z.com 都已经ok了