1.下载证书ssl放到cert目录下
cd /usr/local/nginx/conf mkdir cert
2.修改配置文件
/usr/local/nginx/conf/vhost/xxx.conf
3.加入如下的代码到server中
ssl_certificate /usr/local/nginx/conf/cert/www.caves.vip.crt;
ssl_certificate_key usr/local/nginx/conf/cert/www.caves.vip.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
4.修改监听端口为443
5.把80端口监听到的http请求跳转到443端口的https
server {
listen 80;
server_name www.caves.vip;
rewrite ^(.*)$ https://$host$1 permanent;
}
6.检测配置文件是否有问题
/usr/local/nginx/sbin/nginx -t
7.重启nginx服务
/usr/local/nginx/sbin/nginx -s reload
例子:
server {
listen 80;
server_name www.caves.vip;
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen 443;
server_name www.caves.vip;
ssl on;
access_log /mnt/nginx/logs/shwh/access.log main;
root /mnt/shwh/public;
ssl_certificate cert/www.caves.vip.crt;
ssl_certificate_key cert/www.caves.vip.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|zip|exe|txt|ico|rar|htm|html)$
{
expires 30d;
}
location ~ .*\.(swf|mp3|wmv|wma|mp4|mpg|flv)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 30h;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /mnt/shwh/public/$fastcgi_script_name;
include fastcgi_params;
}
}