之所以有这个需求,是因为 Let’s Encrypt 的证书验证(HTTP-01)需要通过 80 端口访问一个指定的 URL,而很多配置把所有请求都跳转到 https,这样验证就会出问题。
参考文章:http://www.tuicool.com/articles/NVNvUf3
思路是配置两个 server:80 端口的 server 负责 Let’s Encrypt 验证用的 URL 和到 https 的跳转,443 端口的 server 配置 SSL。
我的配置如下
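# Plain-HTTP (port 80) virtual host for blog.vvvtimes.com.
# It answers the Let's Encrypt HTTP-01 challenge directly from the document
# root and sends every other request to the HTTPS site with a 301.
server
{
    listen 80;
    #listen [::]:80;
    server_name blog.vvvtimes.com;
    index index.html index.htm index.php default.html default.htm default.php;
    root /home/wwwroot/blog.vvvtimes.com;
    #error_page 404 /404.html;

    # Prefix match instead of the original unanchored regex
    # (~ /.well-known/acme-challenge/(.*)): the regex matched the string
    # anywhere in the URI, its "." matched any character, and the capture
    # group was never used. "^~" also stops regex locations from taking
    # over these requests.
    # Assumes the ACME client writes its tokens under
    # <root>/.well-known/acme-challenge/ (webroot mode) - confirm.
    location ^~ /.well-known/acme-challenge/
    {
        default_type text/plain;
        # Serve only token files that exist; do not fall through to index
        # handling for directories or missing files.
        try_files $uri =404;
    }

    # Everything else goes to HTTPS. $server_name is the configured name,
    # not the client-supplied Host header, so the redirect target cannot be
    # steered by the request.
    location / {
        return 301 https://$server_name$request_uri;
    }

    access_log /home/wwwlogs/blog.vvvtimes.com.log;
}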
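# HTTPS (port 443) virtual host for blog.vvvtimes.com: TLS settings, the
# included WordPress and PHP configuration, cache lifetimes for static
# files, and a deny rule for dot-paths.
server
{
    listen 443 ssl;
    # IPv6 listener (the original commented line said port 80, a copy-paste
    # from the HTTP server).
    #listen [::]:443 ssl;
    server_name blog.vvvtimes.com;
    index index.html index.htm index.php default.html default.htm default.php;
    root /home/wwwroot/blog.vvvtimes.com;

    # NOTE(review): the certificate directory is named www.vvvtimes.com while
    # this server answers for blog.vvvtimes.com - confirm the certificate
    # lists blog.vvvtimes.com as a subject alternative name.
    ssl_certificate /etc/letsencrypt/live/www.vvvtimes.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.vvvtimes.com/privkey.pem;

    # 3DES suites removed: 64-bit block cipher, exposed to birthday-bound
    # collisions (SWEET32). The RSA+AES suites are kept for compatibility but
    # give no forward secrecy; drop them once the client base allows it.
    ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5";
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered.
    # Add TLSv1.3 here if the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    # Deny any path with a component starting with "." (.git, .svn,
    # .user.ini, ...). Regex locations are tried in order of appearance and
    # the first match wins, so this rule sits above the includes and the
    # static-file rules; at the bottom of the block, a request such as
    # /.git/x.png was caught by the image rule and served.
    # This also covers /.well-known/ on 443; the ACME challenge is answered
    # by the port-80 server, so that is intended.
    location ~ /\.
    {
        deny all;
    }

    # Contents of the two included files are not shown on this page.
    include wordpress.conf;
    #error_page 404 /404.html;
    include enable-php.conf;

    # Browser cache lifetime for images and Flash files.
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires 30d;
    }

    # Browser cache lifetime for scripts and stylesheets. The original
    # pattern ended in "(js|css)?$", which made the extension optional and
    # therefore also matched any URI ending in a bare ".".
    location ~ .*\.(js|css)$
    {
        expires 12h;
    }

    access_log /home/wwwlogs/blog.vvvtimes.com.log;
}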