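# Virtual host for www.44755.com: plain HTTP (80) and HTTPS (443) are served
# by the same server block.
# NOTE(review): the published listing repeated its opening lines and one
# location block (paste residue) and carried gutter numbers; this is the
# de-duplicated form. The location regexes below escape the dot, which the
# published listing did not.

# Named access-log format. $http_x_forwarded_for is a client-supplied header,
# so treat its value as untrusted when reading the logs.
log_format www.44755.com '$remote_addr - $remote_user [$time_local] "$request" '
                         '$status $body_bytes_sent "$http_referer" '
                         '"$http_user_agent" $http_x_forwarded_for';

server
{
    listen 80;
    listen 443 ssl;
    server_name www.44755.com;
    index index.html index.htm index.php default.html default.htm default.php;
    root /data/www/44755;
    #include cindex.conf;

    # Keep repository metadata out of reach. The dot is escaped and tied to
    # the start of a path segment; an unescaped ".git" also matches ordinary
    # URIs such as /digit or /legit.
    location ~ /\.git
    {
        deny all;
    }

    # Requests for files that do not exist are handed to the front controller.
    location / {
        if (!-e $request_filename){
            rewrite (.*) /index.php;
        }
    }

    # PHP under /bbs, resolved against /data/www instead of the site root.
    # The pattern has to end in a literal ".php" or ".php5": with an unescaped
    # dot and an optional group it matches every URI below /bbs/ and hands
    # static files, uploads included, to the PHP interpreter.
    location ~ ^/bbs/.*\.(php|php5)$
    {
        root /data/www;

        # Only scripts that exist on disk are passed to FastCGI.
        try_files $uri =404;
        #fastcgi_pass unix:/tmp/php-cgi.sock;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi.conf;
    }

    # Everything else under /bbs is served as static content from /data/www.
    location ~ ^/bbs {
        root /data/www;
    }

    # PHP for the main site. Written as ".*.(php|php5)?$" this location matches
    # every non-empty URI, so "location /" and the two expires blocks below
    # would never be selected.
    location ~ \.(php|php5)$
    {
        # Only scripts that exist on disk are passed to FastCGI.
        try_files $uri =404;
        #fastcgi_pass unix:/tmp/php-cgi.sock;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi.conf;
    }

    location ~ \.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires 30s;
    }

    location ~ \.(js|css)$
    {
        expires 12s;
    }

    ssl_certificate /usr/local/nginx/conf/sslkey/1_www.44755.com_bundle.crt;
    # The private key file should be readable only by the account that starts nginx.
    ssl_certificate_key /usr/local/nginx/conf/sslkey/2_www.44755.com.key;
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996). Add TLSv1.3 to this line
    # when the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    # Forward-secret AEAD suites only. The previous string also admitted
    # static-RSA and CBC suites through its AES and HIGH keywords.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    #access_log /data/logs/www.44755.com.log www.44755.com;
    # NOTE(review): with access logging off there is no request record to
    # consult when investigating an incident; consider re-enabling the
    # commented-out access_log line.
    access_log off;
    error_log /data/logs/solo.44755.com.err.log;
}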
这个是域名的配置文件。
nginx配置http和https共存 的方法:
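# Minimal example of one server block answering both HTTP (80) and HTTPS (443).
# Host name and certificate paths are the article's placeholders.
server {
    listen 80;
    listen 443 ssl;
    server_name test.xx.com;
    index index.html index.htm index.php;
    root /usr/local/default;

    # The dot is escaped and the extension is mandatory. Written as
    # ".*.(php|php5)?$" the pattern matches every non-empty URI, so all
    # requests, static files included, would be passed to the PHP interpreter
    # and the two locations below would never be selected.
    location ~ \.(php|php5)$
    {
        # Only scripts that exist on disk are passed to FastCGI.
        try_files $uri =404;
        #fastcgi_pass unix:/tmp/php-cgi.sock;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi.conf;
    }

    location ~ \.(gif|jpg|jpeg|png|bmp|swf)$
    {
        #expires 30d;
    }

    location ~ \.(js|css)$
    {
        #expires 1h;
    }

    access_log logs/test.access.log;

    ssl_certificate /x.com_bundle.crt;
    # The private key file should be readable only by the account that starts nginx.
    ssl_certificate_key /x.com.key;
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996). Add TLSv1.3 to this line
    # when the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    # Forward-secret AEAD suites only. The previous string started from the
    # ALL keyword, which admits static-RSA and CBC suites.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;
}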
一定要注意:如果用的是Nginx服务器,访问http正常而访问https出现403错误,需要检查一下是否改错了配置文件。对于多域名配置,需要到vhost文件夹里面对应域名的配置文件中配置站点的端口号:
/usr/local/nginx/conf/vhost,不要去/usr/local/nginx/conf/下面的nginx.conf
如果还有问题记得开启php.ini中的openssl扩展
nginx配置单向和双向认证
上面主要是完成了单向认证。如果还想让服务端来验证客户端的证书是否正常,那还得生成客户端证书,也就是自签名证书。这里不写自签名证书怎么做,网上一大堆;这里只写怎么配置。配置:
配置完了之后,浏览器还需要导入客户端证书文件,如图,火狐浏览器导入p12格式的个人证书文件。打开火狐的选项,点击“高级”,在选项卡下面选择“证书”
http默认是80端口,https默认是443端口
如果遇到下面的情况:
可能的原因是:如果域名申请的证书无误,那可能是因为用了CDN加速,或者域名解析到的主机不对。请检查域名解析到的主机和你修改配置文件的主机是否一致,以及是否用了CDN加速。