nginx 配置全站 https
1 . 在nginx目录下创建cert目录
拷贝下面2个文件到cert目录下
证书文件: xxx.pem
证书私钥; xxx..key
2 . 修改虚拟主机配置文件
server {
//--- 80 端口改为 443 ssl
# listen 80;
listen 443 ssl;
//--- 80 端口改为 443 ssl
server_name www.ktvll.com;
index index.html index.htm index.php;
root /www/ktvll;
include /alidata/www/ktvll/.htaccess;
//-----------新增 https 部分----------------
ssl_certificate /nginx/cert/21431193.pem;
ssl_certificate_key /nginx/cert/21431193.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
//-----------新增 https 部分----------------
location ~ .php {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
fastcgi_split_path_info ^(.+.php)(.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location ~ .*.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*.(js|css)?$
{
expires 1h;
}
access_log /alidata/log/nginx/access/default.log;
autoindex off;
error_page 404 = index.php;
}
# HTTP 全部跳转到 HTTPS
server {
listen 80;
server_name www.ktvll.com;
return 301 https://$server_name$request_uri;
}