server
{
listen 80;
listen 443 ssl;
ssl on;
server_name 域名;
index index.html index.htm index.php default.html default.htm default.php;
ssl_certificate /usr/local/nginx/cert/21402058063066221.pem; //下载申请后阿⾥ssh提供的pem
ssl_certificate_key /usr/local/nginx/cert/21402058063066221.key;//下载申请后阿⾥ssh提供的key
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
root /home/wwwroot/⽹站⽬录;
f; //好吧,这⾥是laravel配置,不⼀定合适您哈,请或略
#error_page 404 /404.html;
f;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
access_log /home/wwwlogs/log;
}
关键在于上⾯的listen 80;
listen 443 ssl; 开启80端⼝
当然,这样玩就没有啥意义了,既然是https,就完全没必要http传输数据啦.我们必须把所有http请求转发到https,
也就是再添加⼀个虚拟机server,80端⼝⼀个
server {
listen 80;
server_name www.domain;
rewrite ^/(.*) $server_name$1 permanent; #跳转到Https
}
重写依旧不同版本可能如下
rewrite ^/(.*)$ domain/$1 permanent;
或者
rewrite ^ domain$request_uri? permanent;
现在nginx新版本已经换了种写法,上⾯这些已经不再推荐。现在⽹上可能还有很多⽂章写的是第⼀种。
下⾯是nginx http页⾯重定向到https页⾯最新⽀持的写法:
server {
listen 80;
server_name domain;
return 301 $server_name$request_uri;
}
server {
listen 443 ssl;
server_name domain;
}
但是我的nginx/1.10.0好像跑不起来,也许不⽀持这种写法吧...
下⾯是基于http转https的完整配置:
server
{
#listen 80;
listen 443;
ssl on;
server_name domain; //你的域名
如何申请域名index index.html index.htm index.php default.html default.htm default.php;
ssl_certificate /usr/local/nginx/dsci-tech/214020*********.pem;
ssl_certificate_key /usr/local/nginx/dsci-tech/214020*********.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
root /home/wwwroot/web/public;//项⽬根⽬录
f;
#error_page 404 /404.html;
f;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
}
server {
listen 80;
server_name domain;
rewrite ^/(.*) $server_name$request_uri? permanent;
}
发布评论