網站最初是nginx代理80端口,實現http訪問的。現在要安裝SSL證書,使用https訪問。
我的nginx根目錄是/usr/local/nginx,將申請的SSL證書和key放在/usr/local/nginx/cert中。
以下是nginx.conf的調整內容,僅修改80和443的server,其餘不變。
1.監聽80端口,強制跳轉到443端口
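server {
    listen 80;
    server_name www.xxx.com;

    # Plain-HTTP listener: it serves no content and only redirects to HTTPS.
    # The redirect target is built from $server_name (the configured name), not
    # from $host. If this block also acts as the default server for port 80, a
    # request with an arbitrary Host header would otherwise get that value
    # echoed back in the Location header.
    # $request_uri keeps the original path and query string as the client sent
    # them, and "return" avoids running the regex engine for every request.
    return 301 https://$server_name$request_uri;
}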
2.443端口來做代理
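server {
    # "listen ... ssl" replaces the separate "ssl on;" directive, which has been
    # deprecated since nginx 1.15.0 and is no longer accepted by later releases.
    listen 443 ssl;
    server_name www.xxx.com;

    # Relative paths resolve against the nginx conf directory
    # (/usr/local/nginx/conf), so these point into /usr/local/nginx/cert.
    # Keep the .key file readable only by the account that starts nginx.
    ssl_certificate     ../cert/214870517280344.pem;
    ssl_certificate_key ../cert/214870517280344.key;

    ssl_session_cache   shared:SSL:1m;
    ssl_session_timeout 5m;

    # TLS 1.0 and 1.1 are formally deprecated (RFC 8996), so only TLS 1.2 is
    # offered here. Append TLSv1.3 when running nginx >= 1.13.0 built against
    # OpenSSL 1.1.1 or newer.
    ssl_protocols TLSv1.2;
    # Same cipher string as before, plus !3DES: older OpenSSL builds still count
    # 3DES as HIGH, and its 64-bit block size makes it unsuitable for long-lived
    # connections.
    ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:!3DES:+MEDIUM;
    ssl_prefer_server_ciphers on;

    # Once every page is confirmed to work over HTTPS, consider sending a
    # Strict-Transport-Security header (add_header) so that returning browsers
    # skip the plain-HTTP request entirely.

    # Everything below was migrated from the former "listen 80" server block.

    # NOTE(review): this pulls rewrite rules from a file inside the web root into
    # the nginx configuration. Make sure the PHP/web user cannot write to it,
    # because nginx re-reads it with full configuration privileges at every
    # reload; a file under the conf directory is a safer home for these rules.
    include /www/phpwind/.htaccess;

    # The rules file above lives under the document root; refuse to serve it
    # (and any other .ht* file) as static content.
    location ~ /\.ht {
        deny all;
    }

    location / {
        root  /www/phpwind;
        index index.php index.html index.htm;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }

    location ~ \.php$ {
        root /www/phpwind;
        # Forward to PHP-FPM only when the requested .php file exists on disk.
        # Without this check, any URI that merely ends in ".php" is passed on
        # and PHP decides which file to run. Setting cgi.fix_pathinfo=0 and
        # security.limit_extensions on the PHP side is the complementary control.
        try_files $uri =404;
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}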