自己搭建服务器--phpstudy2018配置ssl证书,2016版本配置基本同这个

目录

自建服务器注意

启动nginx服务环境

配置ssl

完整配置nginx.conf展示

---

实现效果:自己搭建服务器--phpstudy2018配置ssl证书

自建服务器注意

1.是否自定义安全策略,比如重置admin.php, admin文件,路由规则不带特别符号,否则重置,如果对接自建服务器,切忌沟通内部配置;

2.限制策略,限制外网,限制端口,限制cmd中icmp协议,切忌沟通清楚,尽量别代码中引入本地资源,否则限制后,无法引入,找不到错;

---

1. 启动nginx服务器,原因:比apache更稳定,能承担更多并发;一般情况,不建议使用apache服务器;

2. 在自己服务器配置ssl,满足微信小程序等必须ssl的地方使用;

启动nginx服务环境

注意: nginx启动后,tp5项目根目录如果已指向public,需要配置伪静态,如果项目接口框架和vue打的包在一层,不需要配置,

         目前我们公司项目暂时不需要配置;

伪静态代码:  配置后,api请求时,可以不带入口index.php,当然也可以带

location / {
            index  index.html index.htm index.php l.php;
            autoindex  off;
            if (!-e $request_filename) {
   		          rewrite  ^(.*)$  /index.php?s=/$1  last;
                break;
             }
        }       

配置ssl

配置ssl注意:

1. 外部有一个域名指向内部服务器443端口,如果没有指向443,需要nginx代理转发解决,代码如下,利用80端口配置ssl;其中,test.nbtool.top是我解析到本配置服务器的测试域名;

server
       {
            listen 80;
            server_name  localhost;
            location / { 
                proxy_pass https://test.nbtool.top;
            }
       }

 2.挂载证书

        ssl               on;
        ssl_certificate      C:/phpstudy/PHPTutorial/nginx/3473701_test.nbtool.top.pem;
        ssl_certificate_key   C:/phpstudy/PHPTutorial/nginx/3473701_test.nbtool.top.key;
 
        ssl_session_timeout  5m; 
       
        ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers   on;

重启nginx服务器,实现配置,具体phpstudy2018配置文件见下面;可以解决发送到微信环境的请求域名都带ssl; 微信系列ssl实质就是,本地项目最底层的接口请求微信服务器的域名必须带ssl, 而不是随便配置一个ssl转发外在的ssl;

完整配置nginx.conf展示

#  power by www.php.cn
#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;
    #tcp_nodelay on;
  fastcgi_connect_timeout 300;
  fastcgi_send_timeout 300;
  fastcgi_read_timeout 300;
  fastcgi_buffer_size 128k;
  fastcgi_buffers 4 128k;
  fastcgi_busy_buffers_size 256k;
  fastcgi_temp_file_write_size 256k;

  #gzip  on;
  gzip on;
  gzip_min_length  1k;
  gzip_buffers     4 32k;
  gzip_http_version 1.1;
  gzip_comp_level 2;
  gzip_types       text/plain application/x-javascript text/css application/xml;
  gzip_vary on;
  gzip_disable "MSIE [1-6].";

  server_names_hash_bucket_size 128;
  client_max_body_size     100m; 
  client_header_buffer_size 256k;
  large_client_header_buffers 4 256k;

       server
       {
            listen 80;
            server_name  localhost;
            location / { 
                proxy_pass https://test.nbtool.top;
            }
       }


    server {
        listen      443;
        server_name  test.nbtool.top;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;
        root    "C:/www/tool/public";

        ssl                  on;
        ssl_certificate      C:/phpstudy/PHPTutorial/nginx/3473701_test.nbtool.top.pem;
        ssl_certificate_key   C:/phpstudy/PHPTutorial/nginx/3473701_test.nbtool.top.key;
 
        ssl_session_timeout  5m;
 
        #ssl_protocols  SSLv2 SSLv3 TLSv1;
        #ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers   on;





        location / {
            index  index.html index.htm index.php l.php;
            autoindex  off;
            if (!-e $request_filename) {
   		          rewrite  ^(.*)$  /index.php?s=/$1  last;
                break;
             }
        }       

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php(.*)$  {
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_split_path_info  ^((?U).+\.php)(/?.+)$;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            fastcgi_param  PATH_INFO  $fastcgi_path_info;
            fastcgi_param  PATH_TRANSLATED  $document_root$fastcgi_path_info;
            include        fastcgi_params;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443;
    #    server_name  localhost;

    #    ssl                  on;
    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_timeout  5m;

    #    ssl_protocols  SSLv2 SSLv3 TLSv1;
    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers   on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

include vhosts.conf;

}