折腾了一晚上。
事情经过是这样:
1.环境:lnmp
2.安装https证书
制作证书教程:
阿里云文档,此处略
nignx安装证书:重点
阿里云教程:https://help.aliyun.com/knowledge_detail/95491.html?spm=a2c4g.11186623.2.12.4aa434f1tZwBY4
然后不行…
1.我的环境nignx安装目录和配置文件目录不在一起。(要用nginx安装目录)
按照教程证书装上去了…
修改 nginx.conf
server {
listen 443;
server_name localhost;
ssl on;
root html; //自行修改项目路径
index index.html index.htm;
ssl_certificate cert/a.pem;
ssl_certificate_key cert/a.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
root html; //自行修改项目路径
index index.html index.htm;
}
}
还不行…处理方案:
1.阿里云443端口有没有开?
2.服务器防火墙443端口问题?
防火墙:
开放防火墙端口
添加需要监听的端口
/sbin/iptables -I INPUT -p tcp --dport 443 -j ACCEPT
保存设置
/etc/init.d/iptables save
查看状态
/etc/init.d/iptables status
临时关闭防火墙服务
service iptables stop
开启防火墙服务
service iptables start
开机不再启动防火墙服务
chkconfig iptables off
最后,非常重要:重启nginx
restart后不生效?
试试 start后stop
有时就是这样造化弄人…
ok,好了…不行,php项目出问题?在上面的server{}中补上这个
location ~ .php(.*)$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_split_path_info ^((?U).+.php)(/?.+)$;
fastcgi_param SCRIPT_FILENAME
d
o
c
u
m
e
n
t
r
o
o
t
document_root
documentrootfastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED
d
o
c
u
m
e
n
t
r
o
o
t
document_root
documentrootfastcgi_path_info;
include fastcgi_params;
}
变成这样:
server {
listen 443;
server_name localhost;
ssl on;
root html; //自行修改项目路径
index index.html index.htm;
ssl_certificate cert/a.pem;
ssl_certificate_key cert/a.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
root html; //自行修改项目路径
index index.html index.htm;
}
location ~ \.php(.*)$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
include fastcgi_params;
}
}