LNMP环境下配置SSL

Nginx配置SSL示例

 server
    {
        listen 443 ssl;
        #ssl on;
        server_name wo.dj47.top;
        index index.php index.html index.htm;
        root  /home/wwwroot/default/wo/public;
 
        ssl_certificate   /usr/local/nginx/conf/cert/4399318_wo.dj47.top.pem;
        ssl_certificate_key  /usr/local/nginx/conf/cert/4399318_wo.dj47.top.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
 
        include enable-php.conf;
 
        #入口文件隐藏
        location / {
          if (!-e  $request_filename) {
             rewrite ^/(.*)$ /index.php?s=$1 last;
           }
        }
 
        location /nginx_status
        {
            stub_status on;
            access_log   off;
        }
 
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }
 
        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }
 
        location ~ /\.
        {
            deny all;
        }
 
        access_log  /home/wwwlogs/wo_dj47_top_access.log;
        error_log  /home/wwwlogs/wo_dj47_top_error.log;
    }

HTTP跳转HTTPS示例

#301跳转

#rewrite ^(.*) https://$host$1 permanent;

if ($scheme = http ) {

return 301 https://$host$request_uri;

}

 server
    {
        listen 80;
        server_name wo.dj47.top;
        index index.php index.html index.htm;
        root  /home/wwwroot/default/wo/public;
 
        #301跳转
        #rewrite ^(.*) https://$host$1 permanent;
        if ($scheme = http ) {
            return 301 https://$host$request_uri;
        }
 
    include enable-php-pathinfo.conf;
 
    #入口文件隐藏
        location / {
          if (!-e  $request_filename) {
             rewrite ^/(.*)$ /index.php?s=$1 last;
           }
        }
 
 
        location /nginx_status
        {
            stub_status on;
            access_log   off;
        }
 
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }
 
        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }
 
        location ~ /\.
        {
            deny all;
        }
 
        access_log  /home/wwwlogs/wo_dj47_top_access.log;
        error_log  /home/wwwlogs/wo_dj47_top_error.log;
    }

注：如遇：nginx配置SSL后报错nginx: [warn] the “ssl” directive is deprecated, use the “listen … ssl” 的解决方法

大意为提示原有ssl on;这个配置已失效使用listen 443 ssl;替代

 server {
        listen 443 ssl;
        server_name wo.dj47.top;
        index index.php index.html index.htm;
        root  /home/wwwroot/default/wo/public;
 
        ssl_certificate   /usr/local/nginx/conf/cert/4399318_wo.dj47.top.pem;
        ssl_certificate_key  /usr/local/nginx/conf/cert/4399318_wo.dj47.top.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
}

发送评论编辑评论

分享到微信

发送评论 编辑评论

推荐文章

发送评论编辑评论