0%

nginx 添加 tls 证书

TLS 证书申请

保存到服务器

1
2
/etc/pki/tls/certs/server.pem
/etc/pki/tls/private/server.key

nginx 配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
server {
#网站基础配置
listen 80;
listen 443 ssl;
server_name example.com www.example.com;
root /usr/share/nginx/html/blog;
index index.html index.php;

#ssl 配置
ssl_certificate /etc/pki/tls/certs/server.pem;
ssl_certificate_key /etc/pki/tls/private/server.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

#访问 80 重定向到 https
if ($server_port = 80) {
return 301 https://$server_name$request_uri;
}

#wordpress 固定链接设置
if (-f $request_filename/index.html){
rewrite (.*) $1/index.html break;
}

if (-f $request_filename/index.php){
rewrite (.*) $1/index.php;
}

if (!-f $request_filename){
rewrite (.*) /index.php;
}

#php fastcgi 配置
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
include fastcgi_params;
}
}