a服務器項目使用apache,tp3.2. 要apache支持https還得安裝openssl模塊,,剛好另一台b服務器上的nginx以前用過https代理
阿里雲安全設置里端口80和443已開放
b服務器nginx代理 http跳轉到https
阿里雲域名里先添加域名解析 www和@ 指向nginx服務器所在ip
域名在阿里雲,直接買免費的ssl證書,參考 https://www.cnblogs.com/tianhei/p/7726505.html
172.31.35.222是項目apache所在a服務器內網ip
vi /opt/server/nginx/conf/vhost/www.z.com.conf
server {
listen 80;
server_name www.z.com z.com;
return 301 https://www.z.com$request_uri;
}
server {
listen 443;
server_name z.com;
ssl on;
ssl_certificate /opt/server/nginx/conf/ca1/server.pem;
ssl_certificate_key /opt/server/nginx/conf/ca1/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
ssl_prefer_server_ciphers on;
return 301 https://www.z.com$request_uri;
}
server {
listen 443 ;
server_name www.z.com;
ssl on;
ssl_certificate /opt/server/nginx/conf/ca1/server.pem;
ssl_certificate_key /opt/server/nginx/conf/ca1/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
ssl_prefer_server_ciphers on;
access_log logs/www.z.com access ;
error_log logs/www.z.com_error.log;
client_max_body_size 10m;
# proxy_buffer_size 64k;
# proxy_buffers 8 5m;
# proxy_busy_buffers_size 5m;
location / {
index index.php;
proxy_pass http://172.31.35.222;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
阿里雲的免費ssl證書只有一個域名, 又買了一個ssl證書域名是 api.z.com
阿里雲域名里先添加域名解析 api 指向nginx服務器所在ip
vi /opt/server/nginx/conf/vhost/api.z.com.conf
server {
listen 80;
server_name api.z.com;
return 301 https://api.z.com$request_uri;
}
server {
listen 443 ;
server_name api.z.com;
ssl on;
ssl_certificate /opt/server/nginx/conf/ca1/apiserver.pem;
ssl_certificate_key /opt/server/nginx/conf/ca1/apiserver.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
ssl_prefer_server_ciphers on;
access_log logs/api.z.com access ;
error_log logs/api.z.com_error.log;
client_max_body_size 10m;
# proxy_buffer_size 64k;
# proxy_buffers 8 5m;
# proxy_busy_buffers_size 5m;
location / {
index index.php;
proxy_pass http://172.31.35.222;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
配置完后 /opt/server/nginx/sbin/nginx -s reload
以上nginx代理https已經好了,下面做thinkphp二級域名配置
參考 https://blog.csdn.net/h330531987/article/details/69663714
apache配置泛域名
vi /usr/local/apache/conf/vhost/z.com.conf
<VirtualHost *:80>
DocumentRoot /www/web/z/
ServerName z.com
ServerAlias *.z.com
CustomLog "/logs/www.z.com_access_log" combined
ErrorLog "/logs/www.z.com_error_log"
<IfModule mod_deflate.c>
DeflateCompressionLevel 7
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/x-httpd-php
AddOutputFilter DEFLATE css js html htm gif jpg png bmp php
</IfModule>
</VirtualHost>
<Directory /www/web/z/>
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
項目中添加二級域名配置
config.php中添加
'APP_SUB_DOMAIN_DEPLOY' => true, // 是否開啟子域名部署
'APP_SUB_DOMAIN_RULES' => array(
'api' => 'Api'
),// 子域名部署規則
這樣http://z.com http://www.z.com https://www.z.com https://z.com http://api.z.com https://api.z.com 都已經ok了