First, the cloud server to request a certificate
After here to buy free ssl certificate, the application is complete, you can download directly in the service platform, in the following directory, where reference recommended configuration Ali cloud, conf directory under the installation directory of nginx create cert folder, extract the certificate cert on the folder, not just because of my nginx configuration of an application, are configured in the conf vhost
directory
Be sure to note the location, file not found error otherwise nginx will start
And the background of the picture in the article wordpress forced https setting.
wordpress upload the pictures are written into the absolute address, that is, before the https enabled all the pictures are uploaded to the article to http://
an address stored in the beginning, if not converted to https access the site at the top of the browser "small lock" will in some the browser displays a security warning, https address so that the picture becomes very simple, just in the current topic functions.php
, add the following code file:
/* 替换图片链接为 https */
function my_content_manipulator($content){
if( is_ssl() ){
$content = str_replace('http://www.imisty.cn/wp-content/uploads', 'https://www.imisty.cn/wp-content/uploads', $content);
}
return $content;
}
add_filter('the_content', 'my_content_manipulator');
Can automatically http address all site-wide picture is automatically converted to https address picture.
Open https login and backstage access.
- Open the Web site under the root directory of
wp-config.php
the file, add at the bottom of the file:
/* 强制后台和登录使用 SSL */
define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);
Then in the admin interface
设置-常规-wordpress地址和站点地址
changed to httpsTo ensure that every element of the site (such as plug-ins, JS, CSS files, images, content distribution sites, etc.) are using the https protocol :( can look at chromeF12 there is no alarm)
All "Custom Link" to https Edit "menu" of them;
Modify addresses of other absolute link their cheap hand written ......
Http to replace all of the articles https
Directly modify the database (note that you back up! Note that you back up !! attention to back up important things to say !!! three times!)
UPDATE wp_posts
SET post_content = ( Replace (post_content, 'http://www.imisty.cn/', 'https://www.imisty.cn/') );
But during the actual operation, I found no need to use this step, after all, a little dangerous, so I'll be backstage after the completion of the site https setting, after the discovery of 404 articles visit, and then modify the simple link directly passing or modify the database using built-in WordPress white modified to me do not know PHP is still very good
Begin configuring the site's configuration file, my configuration is as follows
At this time, although the site supports HTTPS access, but also can use HTTP to access, taking into account the search engine is currently included are HTTP links, you need to redirect http to https.
server {
listen 80;
server_name www.imisty.cn imisty.cn;
return 301 https://www.imisty.cn$request_uri;
root /var/www/html/wordpress;
index index.html index.htm index.php;
client_max_body_size 100M;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php$1 last;
}
location ~ .*\.php(\/.*)*$ {
include fastcgi.conf;
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:9000;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
}
error_log logs/error_wordpress.log;
access_log logs/misty.log combined;
}
server {
listen 443 ssl;
server_name www.imisty.cn imisty.cn;
root /var/www/html/wordpress;
index index.html index.htm index.php;
client_max_body_size 100M;
ssl_certificate cert/misty.pem;
ssl_certificate_key cert/misty.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location ~ .*\.php(\/.*)*$ {
include fastcgi.conf;
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:9000;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
}
}
Verify the configuration is correct
/usr/local/nginx/sbin/nginx -t
Nginx module installation http_ssl_module
If you do not enable SSL Nginx module configured Https when an error
nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in /usr/local/nginx/conf/nginx.conf:xxx
Because when configured nginx already installed, but not installed ssl module
The following steps are to install nginx module ssl
- Enter the ssl nginx source package
cd ~/MyFille/nginx
A
configure
mounting module specified
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
make compile
make
4. Be sure not to execute make install, otherwise cover installed.Backup original nginx
cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx_bak
6. compiled nginx will just replace the original, be sure to stop, otherwise it will display the file busy
cp ./objs/nginx /usr/local/nginx/sbin/
7. Check installation, normal installation instructions following information
[root@izwz993bv9azta8nrfwuhqz sbin]# ./nginx -V
nginx version: nginx/1.16.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
common problem
Nginx start when there are mistakes
解决Nginx: [error] open() "/usr/local/Nginx/logs/Nginx.pid" failed(2:No such file or directory)
Solution
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
usingnginx -c
the parameters specified nginx.conf location of the file, note the location where the configuration file is best to use an absolute path
Ali cloud recommended nginx configuration warning message
[warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead
nginx 1.15 and later versions, do not need to write ssl on; a.
Changed
应该把 ssl on 改成 listen 443 ssl 这样才对
Home and normal background management https access, access another page 404 errors
This pseudo-static problems with access to information that, in the end use simple links to solve this problem, because I do not want to get to the bottom
WP Editor.md card loaded after modify the interface to access https
The problem I find is the time to find the front debugging js loaded using https need to address to https, and finally I chose to escape from problem-solving to switch to WP Githuber MD, another reason is that the author is no longer maintained WP Editor.md the
Small indeed fortunate
每一丝灵感都值得被记录,每一笔记录都是成长,每一点成长都值得欢呼
Personal bloggers station: www.imisty.cn
CSDN blog: https://blog.csdn.net/lookinthefog
blog Park: https://imist.cnblogs.com/
Hope to know some tech-savvy small partner, welcome to the Friends link yo