SSL配置文档

 

1. cd /usr/local/nginx/cert //没有cert文件夹就创建一个

把解压出来的证书放到该目录中

2. cd /usr/local/nginx/conf/vhost/

vi 当前要修改的vhost的conf

在文档最后加入一个server{}

server {

    listen 443;

    server_name projects.archisense.cn ;

    ssl on;

    //证书就是上面步骤存放的证书

    ssl_certificate    /usr/local/nginx/cert/1578510_projects.archisense.cn.pem;

    ssl_certificate_key   /usr/local/nginx/cert/1578510_projects.archisense.cn.key;

    ssl_session_timeout 5m;

    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    ssl_prefer_server_ciphers on;

    

//以下配置与普通http配置相同

    index index.html index.htm index.php default.html default.htm default.php;

    root  /data/wwwroot/projects.archisense.cn;

 

    include other.conf;

        #error_page   404   /404.html;

 

        # Deny access to PHP files in specific directory

        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

 

        include enable-php.conf;

 

location /sprite-utc {

            # Redirect everything that isn't a real file to index.php

            try_files $uri $uri/ /sprite-utc/index.php?$args;

        }

 

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$

        {

            expires      30d;

        }

 

        location ~ .*\.(js|css)?$

        {

            expires      12h;

        }

 

        location ~ /.well-known {

            allow all;

        }

 

        location ~ /\.

        {

            deny all;

        }

 

 

}

 

3.http转发至https

在原本server 80端口的配置中加入

rewrite ^(.*)$  https://$host$1 permanent;

就可以讲http的访问转发到https

 

 

保存文件，重启nginx