HTTPS无疑是要更安全点,但证书折腾也是个体力活,要用好的证书还会有不少的费用产生,当然也有免费的证书,体验盒子在2017年的时候正式启用了HTTPS,最近有人来问
步骤
准备好https证书文件(今天不讲这个环节,改天补充);
修改Nginx配置;
修改替换站内已有http连接为https
启用https Nginx配置
##
# @server online
# @host uedbox.com
# @desc nginx host rules
##
# HTTP Server
server {
listen 80;
server_name uedbox.com www.uedbox.com;
rewrite ^ https://$server_name$request_uri permanent;
}
# HTTPS Server
server {
listen 443;
server_name uedbox.com www.uedbox.com;
root /var/www/path;
index index.php;
error_log /var/log/nginx/uedbox.com.log crit;
ssl on;
ssl_certificate /etc/nginx/ssl/uedbox.com.crt;
ssl_certificate_key /etc/nginx/ssl/uedbox.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # do not use SSLv3 ref: POODLE
client_max_body_size 20M;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~* \.(eot|ttf|woff)$ {
add_header Access-Control-Allow-Origin '*';
}
location ~/\.ht {
deny all;
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
##
# @server online
# @host uedbox.com
# @desc nginx host rules
##
# HTTP Server
server{
listen80;
server_nameuedbox.comwww.uedbox.com;
rewrite^https://$server_name$request_uri permanent;
}
# HTTPS Server
server{
listen443;
server_nameuedbox.comwww.uedbox.com;
root/var/www/path;
indexindex.php;
error_log/var/log/nginx/uedbox.com.logcrit;
sslon;
ssl_certificate/etc/nginx/ssl/uedbox.com.crt;
ssl_certificate_key/etc/nginx/ssl/uedbox.com.key;
ssl_protocolsTLSv1TLSv1.1TLSv1.2;# do not use SSLv3 ref: POODLE
client_max_body_size20M;
location/{
try_files$uri$uri//index.php;
}
location~\.php${
fastcgi_split_path_info^(.+\.php)(/.+)$;
fastcgi_passunix:/var/run/php5-fpm.sock;
fastcgi_indexindex.php;
includefastcgi_params;
}
location~*\.(eot|ttf|woff)${
add_headerAccess-Control-Allow-Origin'*';
}
location~/\.ht{
denyall;
}
}
规则解释:启用443端口,指定域名及证书,并设置跨域Header权限(这一步关键,如果不设置跨域的话后边站内所有连接的http都会在console显示不安全警告)。
上面的规则中你需要把网址/程序路径/ssl证书路径改为你自己的,同时如果你有自己的其它设定也要加进去,如果没有只是单纯的WordPress程序直接使用即可,然后重启Nginx服务。
重启后这时候你在服务层已经启用了https服务了。
启用https修改站点地址及内链地址
修改wordpress后台设置中的wordpress地址及站点地址为https;
在我们主题的模板中,找到function.php中,尾部增加如下代码:
//WordPress SSL
add_filter('get_header', 'fanly_ssl');
function fanly_ssl(){
if( is_ssl() ){
function fanly_ssl_main ($content){
$siteurl = get_option('siteurl');
$upload_dir = wp_upload_dir();
$content = str_replace( 'http:'.strstr($siteurl, '//'), 'https:'.strstr($siteurl, '//'), $content);
$content = str_replace( 'http:'.strstr($upload_dir['baseurl'], '//'), 'https:'.strstr($upload_dir['baseurl'], '//'), $content);
return $content;
}
ob_start("fanly_ssl_main");
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
//WordPress SSL
add_filter('get_header','fanly_ssl');
functionfanly_ssl(){
if(is_ssl()){
functionfanly_ssl_main($content){
$siteurl=get_option('siteurl');
$upload_dir=wp_upload_dir();
$content=str_replace('http:'.strstr($siteurl,'//'),'https:'.strstr($siteurl,'//'),$content);
$content=str_replace('http:'.strstr($upload_dir['baseurl'],'//'),'https:'.strstr($upload_dir['baseurl'],'//'),$content);
return$content;
}
ob_start("fanly_ssl_main");
}
}
目的是将我们内链的图片等地址的http用https代替,使用上面函数并不是从数据库内彻底替换https,而是进行了转换,如果你需要彻底的转换,则需要执行下面SQL:
# 资源附件
UPDATE wp_posts SET post_content = REPLACE(post_content,'http://www.uedbox.com/wp-content/uploads','https://www.uedbox.com/wp-content/uploads')
# 描连接等
UPDATE wp_posts SET post_content = replace(post_content, 'http://www.uedbox.com/','https://www.uedbox.com/');
1
2
3
4
5
# 资源附件
UPDATEwp_postsSETpost_content=REPLACE(post_content,'http://www.uedbox.com/wp-content/uploads','https://www.uedbox.com/wp-content/uploads')
# 描连接等
UPDATEwp_postsSETpost_content=replace(post_content,'http://www.uedbox.com/','https://www.uedbox.com/');
运行前请务必先备份数据库,连接换成你自己的。
结束,跟着步骤做完,你的
915
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
