一般在安装完nginx的时候,不直接修改nginx的默认配置文件nginx.conf,而是在nginx.conf的http段里面添加一个include:
# Place this inside the http { } block of nginx.conf. Every file matching
# the glob is loaded as nginx configuration, so the vhost directory should
# be writable only by the administrator account.
include /etc/nginx/conf.d/vhost/*.conf;
1. openssl genrsa -out privkey.pem 2048 创建服务器密钥
2. openssl req -new -key privkey.pem -out cert.cs 创建证书签名请求(CSR),用于向CA申请证书
3. openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095 生成自签名证书,仅供自己测试使用(浏览器默认不信任自签名证书)。
正式环境应先申请好网站的证书,然后用rz上传到服务器,在nginx的配置文件中指定证书以及服务器密钥的位置即可。服务器密钥privkey.pem应只允许root读取,不要放在网站根目录下。
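# HTTPS virtual host that serves a PHP application through FastCGI.
server
{
    # TLS is enabled with the "ssl" parameter of listen; the standalone
    # "ssl on;" directive is deprecated and rejected by current nginx releases.
    listen 443 ssl;
    # listen 80;
    server_name localhost;

    client_header_buffer_size 16k;
    large_client_header_buffers 4 32k;
    # Maximum size of a client request body, i.e. the upload size limit.
    client_max_body_size 300m;
    client_body_buffer_size 128k;

    # Certificate and private key. The key file should be readable only by
    # root and must not live under the web root (/data/fonts/web).
    ssl_certificate /data/cacert.pem;
    ssl_certificate_key /data/privkey.pem;
    # Type and size of the SSL/TLS session cache; the nginx documentation is
    # cited as saying 1M holds about 4000 sessions.
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    # Pin the protocol versions explicitly so SSLv3/TLSv1.0/TLSv1.1 cannot be
    # negotiated. Drop TLSv1.3 from the list on nginx/OpenSSL builds that do
    # not know it.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        root /data/fonts/web;
        index index.php;

        # NOTE(review): no proxy_pass is visible in this location, so these
        # proxy_* settings presumably have no effect here; kept as in the
        # original.
        proxy_connect_timeout 3000;
        proxy_send_timeout 3000;
        proxy_read_timeout 3000;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;

        # Front-controller routing: a request for a path that does not exist
        # on disk is handed to /index.php with the original path in "s".
        if (!-e $request_filename) {
            rewrite ^/index.php(.*)$ /index.php?s=$1 last;
            rewrite ^(.*)$ /index.php?s=$1 last;
            # The second rewrite matches every URI, so this is not expected
            # to be reached; kept from the original.
            break;
        }
    }

    location ~ \.php$ {
        root /data/fonts/web;
        # Only hand scripts that really exist to PHP-FPM. Without this check
        # a URI that merely ends in ".php" is forwarded as-is, and PHP's
        # path-info fallback may then run a different (e.g. uploaded) file.
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}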
----------------------------------------------------------------------------------------------------------------------------------
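# Force HTTPS: every plain-HTTP request is redirected to the https:// URL.
server {
    listen 80;
    server_name www.mytest.cn;
    # Build the redirect target from the configured server_name rather than
    # the client-supplied Host header ($host), so a forged Host value cannot
    # steer the redirect to another site. $request_uri keeps the original
    # path and query string; 301 is what "permanent" produced before.
    return 301 https://$server_name$request_uri;
}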
#这样在浏览器输入http://www.mytest.cn/art/index会自动跳转到https://www.mytest.cn/art/index