step1:第一步去阿里云申请ssl免费证书
step2:配置nginx
server
{
listen 443;
server_name zig.exile.cc;
index index.html index.htm index.php default.html default.htm default.php;
root /home/wwwroot/zig.exile.cc;
ssl on;
ssl_certificate /usr/local/nginx/cert/2173934_zig.exile.cc.pem;
ssl_certificate_key /usr/local/nginx/cert/2173934_zig.exile.cc.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /.well-known {
allow all;
}
location ~ /\.
{
deny all;
}
access_log /home/wwwlogs/zig.exile.cc.log;
}
此时这个配置文件访问https://zig.exile.cc 会出现下载文件的现象,网络上很多博客都说在nginx.conf文件中加入一段配置就好了,于是小编偷偷摸摸的加入如下配置文件:
location ~ .php?.*$ {
root /usr/local/nginx/html; # 设置网站根目录
fastcgi_pass 127.0.0.1:9000; # 此处是配置过程中最大的坑 稍后说明
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME
fastcgi_script_name;
include fastcgi_params;
}
结果更坑,php_fm 压根没有在9000端口监听,压上那一段配置,nginx直接抛出502异常,小编直接懵了,最后小编查看php-fpm.conf的监听文件,才发现根本不是那么回事
最后修改后的nginx配置文件
server
{
listen 80;
#listen [::]:80;
server_name zig.exile.cc;
index index.html index.htm index.php default.html default.htm default.php;
root /home/wwwroot/zig.exile.cc;include rewrite/thinkphp.conf; #error_page 404 /404.html; # Deny access to PHP files in specific directory #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; } include enable-php-pathinfo.conf; location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 30d; } location ~ .*\.(js|css)?$ { expires 12h; } location ~ /.well-known { allow all; } location ~ /\. { deny all; } access_log /home/wwwlogs/zig.exile.cc.log; } server { listen 443; server_name zig.exile.cc; index index.html index.htm index.php default.html default.htm default.php; root /home/wwwroot/zig.exile.cc; ssl on; ssl_certificate /usr/local/nginx/cert/2173934_zig.exile.cc.pem; ssl_certificate_key /usr/local/nginx/cert/2173934_zig.exile.cc.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; include rewrite/thinkphp.conf; include enable-php-pathinfo.conf; if (!-e $request_filename) { rewrite ^(.*)$ /index.php$1 last; } location ~ \.php{ fastcgi_pass unix:/tmp/php-cgi.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 30d; } location ~ .*\.(js|css)?$ { expires 12h; } location ~ /.well-known { allow all; } location ~ /\. { deny all; } access_log /home/wwwlogs/zig.exile.cc.log; }
重启nginx
访问https://zig.exile.cc
搞定