CentOS、windows(phpstudy-nginx-php) 环境下亲测有效,
且通过 https://myssl.com 检测,达到 A+ 级别,PCI DSS 合格
nginx 环境下 http 跳转https,配置文件(.conf)写法:
server {
listen 80;
server_name xxxxxxxxx.com www.xxxxxxxxx.com;
root "指向的路径";
rewrite ^(.*)$ https://www.xxxxxxxxx.com$1 permanent;
location / {
index index.php index.html index.htm;
}
location ~ \.php(.*)$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
include fastcgi_params;
}
}
server {
listen 443;
server_name xxxxxxxxx.com www.xxxxxxxxx.com;
if ($host = 'xxxxxxxxx.com' ){
rewrite ^/(.*)$ https://www.xxxxxxxxx.com/$1 permanent;
}
root "指向的路径";
ssl on;
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.1 TLSv1.2 SSLv2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000";
location ~ .*\.(php|php5)?$
{
#fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 1h;
}
}