SSL 证书配置nginx
2023-09-14 09:07:52 时间
ssl.conf文件:
server {
listen 443;
server_name www.domain.com; # 改为绑定证书的域名
ssl on;
ssl_certificate 1_www.domain.com_bundle.crt; # 改为自己申请得到的 crt 文件的名称
ssl_certificate_key 2_www.domain.com.key; # 改为自己申请得到的 key 文件的名称
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
root /usr/share/nginx/html; #站点目录
index index.html index.htm;
}
}
SSL实际配置,带rewrite,php-fpm
server { listen 80; server_name localhost; root "/www/demo"; index index.html index.htm index.php; #重定向到 rewrite ^(.*) https://$host$1 permanent; } server { listen 443; server_name localhost; ssl on; root "/www/demo"; index index.html index.htm; ssl_certificate cert/214097075070201.pem; ssl_certificate_key cert/214097075070201.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; #url重写配置 location / { try_files $uri @rewrite; client_max_body_size 30m; } location @rewrite { set $static 0; if ($uri ~ \.(css|js|jpg|jpeg|png|gif|ico|woff|eot|svg|css\.map|min\.map)$) { set $static 1; } if ($static = 0) { rewrite ^/(.*)$ /index.php?s=/$1; } } location ~ /Uploads/.*\.php$ { deny all; } location ~ \.php/ { if ($request_uri ~ ^(.+\.php)(/.+?)($|\?)) { } fastcgi_pass 127.0.0.1:9000; include fastcgi_params; fastcgi_param SCRIPT_NAME $1; fastcgi_param PATH_INFO $2; fastcgi_param SCRIPT_FILENAME $document_root$1; } location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } location ~ /\.ht { deny all; } }
相关文章
- PHP 配置默认SSL CA证书
- centos使用openssl生成自签名SSL证书并配置到nginx
- SSL协议 服务器下发数字证书
- Provider:SSL Provider,error:0-等待的操作过时
- 抓包分析SSL/TLS连接建立过程【总结】
- CHECK_NRPE: Error - Could not complete SSL handshake.
- Spring boot使用keytool配置ssl
- ssl 握手过程【收藏】
- 什么是服务器的SSL PSE
- Push failed Unable to access ‘url‘: OpenSSL SSL_read: Connection was reset, errno 10054
- 使用SourceTree来push代码时出现OpenSSL SSL_read: Connection was reset, errno 10054的解决方法
- 使用安全SSL连接PostgreSQL数据库
- ssl tls 证书链 根证书和叶证书查询
- SSL证书读取
- Nginx的反向代理及ssl配置
- openssl为k8s生成SSL证书
- 基于 Nginx 配置ssl证书实现https