server {
listen 443;
server_name www.loaclhost.com;
ssl on;
root /web;
ssl_certificate /data/ssl/xxx.crt;
ssl_certificate_key /data/ssl/xxx.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
ssl_prefer_server_ciphers on;
location / {
index index.html index.htm index.php;
}
location ~ .*\.(php|php5)?$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
fastcgi_param HTTPS $https if_not_empty;
}
access_log logs/ssl_access.log main;
error_log logs/ssl_error.log notice;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
配置如上所示,可以设置rewrite规则强制跳转https