https环境配置 nginx版
今天研究了下https环境配置 比我想象的简单许多 步骤如下
1首先去阿里云搜索ssl ca证书 一个账号可以免费申请20个 一个绑定一个域名 期限为1年
2然后按照点击验证 等候Symantec验证
3验证通过后点击下载
4下载后解压缩文件会得到pem和key 这两个需要放到你服务器上
5接下来你需要如下配置nginx
server {
listen 443 ssl default;
server_name www.baidu.com;
root /mnt/www/baidu/public;#你的项目入口
ssl on;
ssl_certificate /etc/ssl/www.baidu.pem;
ssl_certificate_key /etc/ssl/www.baidu.key;
keepalive_timeout 70;
server_tokens off;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
access_log /var/log/nginx/baidu.log access;
error_log /var/log/nginx/err_baidu.log error;
index index.php index.html;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location /app {
add_header 'Access-Control-Allow-Origin' '*' 'always';
alias /mnt/www/static_app/public/app-dev;
try_files $uri $uri/ /index.php?$query_string;
}
location /pages/audition/ {
add_header 'Access-Control-Allow-Origin' '*' 'always';
try_files $uri $uri/ /pages/audition/;#需要指向下面的@router否则会出现vue的路由在nginx中刷新出>现404
index index.html index.htm;
}
location /pages/pages/ {
add_header 'Access-Control-Allow-Origin' '*' 'always';
try_files $uri $uri/ /pages/pages/;#需要指向下面的@router否则会出现vue的路由在nginx中刷新出现404
index index.html index.htm;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass php-fpm;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 80;
server_name www.baidu.com;
rewrite ^(.*) https://$host$1 permanent;
}
最后是监听80端口把http请求重写到https