网站最初是nginx代理80端口,实现http访问的。现在要安装SSL证书,使用https访问。
我的nginx根目录是/usr/local/nginx,将申请的SSL证书和key放在/usr/local/nginx/cert中。
以下是nginx.conf的调整内容,仅修改80和443的server,其余不变。
1.监听80端口,强制跳转到443端口
server {
listen 80;
server_name www.xxx.com;
rewrite ^(.*) https://$host$1 permanent;
}
2.443端口来做代理
server {
listen 443;
server_name www.xxx.com;
ssl on;
ssl_certificate ../cert/214870517280344.pem;#证书的根目录是/usr/local/nginx/conf
ssl_certificate_key ../cert/214870517280344.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
ssl_prefer_server_ciphers on;
#以下部分是从listen 80的server迁移的内容
include /www/phpwind/.htaccess;
location / {
root /www/phpwind;
index index.php index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location ~ \.php$ {
root /www/phpwind;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}