1、通过阿里云 管理控制台 安全(云盾) CA证书服务(数据安全)申请免费的证书【有效期一年】
根据提示,做设置DNS等操作,待自动审核通过后,下载证书,放到/etc/nginx/cert/
注:我这是选择了两个文件,阿里云解析。
2、然后,修改nginx的server设置
#vi /etc/nginx/vhost.conf
server {
listen 443 ssl;
server_name xcx.youdomain.com;
ssl on;
ssl_certificate /etc/nginx/cert/2145************656.pem;
ssl_certificate_key /etc/nginx/cert/2145************656.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
root /data/www/youdomain/www/xcx;
index index.html index.htm index.php;
error_page 404 /404.html;
location = /404.html {
return 404 'Sorry, File not Found!';
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html; # windows dir
}
location / {
try_files $uri @rewrite;
}
location @rewrite {
set $static 0;
if ($uri ~ \.(css|js|jpg|jpeg|png|gif|ico|woff|eot|svg|css\.map|min\.map)$) {
set $static 1;
}
if ($static = 0) {
rewrite ^/(.*)$ /index.php?s=/$1;
}
}
location ~ /Uploads/.*\.php$ {
deny all;
}
location ~ \.php/ {
if ($request_uri ~ ^(.+\.php)(/.+?)($|\?)) { }
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
fastcgi_param SCRIPT_NAME $1;
fastcgi_param PATH_INFO $2;
fastcgi_param SCRIPT_FILENAME $document_root$1;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
3、重启nginx
#service nginx restart
4、看效果
