Configuring HTTPS in Nginx

 


 

Domain name

www.timophp.com

 

Apply for a certificate

Apply through Alibaba Cloud (Aliyun): Security > Certificate Service > Purchase Certificate

 

Configure HTTP first

server {
    listen       80;
    server_name  www.timophp.com;

    charset utf-8;
    access_log off;

    root   /data/timophp/public;
}

 

Verify that you own the domain

1. Download fileauth.txt and place it in the /data/timophp/public/.well-known/pki-validation directory

2. Visit: http://www.timophp.com/.well-known/pki-validation/fileauth.txt

3. Wait for the review to pass

 

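Download the certificate

1. Create a cert directory under the nginx installation directory, for example: /usr/local/nginx/cert/
2. Download the certificate into the cert directory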

 

Configure nginx

server {
    listen       80;
    server_name  www.timophp.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name www.timophp.com;

    ssl_certificate   /usr/local/nginx/cert/1234567890.pem;
    ssl_certificate_key  /usr/local/nginx/cert/1234567890.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLS 1.0/1.1 are deprecated (RFC 8996); TLSv1.3 needs nginx 1.13.0+ built with OpenSSL 1.1.1+
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    charset utf-8;
    #access_log  /data/log/nginx/www_timophp.access.log;
    access_log off;

    root    /data/gumaor/public;
    error_page 404 /404.html;

    location /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location / {
        index   index.php index.html index.htm;
        if (!-e $request_filename) {
            rewrite ^/(.*)$ /web/index.php/$1 last;
        }
    }

    location ~ \.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_pass   unix:/dev/shm/php-fpm.sock;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  PATH_INFO        $fastcgi_path_info;
        include        fastcgi_params;
    }

    location ~ /\.ht {
        deny  all;
    }
}
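
Before reloading nginx, the TLS directives of a server block like the one above can be checked for deprecated protocol versions and weak cipher tokens. The following is an added example, not part of the original post; the function names, both sample configs and the certificate paths in them are constructed for illustration.

```python
import re

# SSL/TLS versions that should no longer be offered (TLS 1.0/1.1: RFC 8996).
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# OpenSSL cipher-string tokens that select weak suites unless negated with "!".
WEAK_TOKENS = {"NULL", "eNULL", "aNULL", "ADH", "MD5", "RC4", "DES", "3DES", "EXPORT", "LOW"}

def directives(conf):
    """Yield (name, args) for each directive; naive split, enough for simple configs."""
    conf = re.sub(r"#[^\n]*", "", conf)          # drop comments
    for stmt in re.split(r"[;{}]", conf):        # statements end at ";" or a brace
        parts = stmt.split()
        if parts:
            yield parts[0], parts[1:]

def audit_tls(conf):
    """Return findings for the ssl_* directives of an nginx configuration."""
    findings, seen = [], set()
    for name, args in directives(conf):
        seen.add(name)
        if name == "ssl_protocols":
            findings += [f"ssl_protocols enables deprecated {p}"
                         for p in args if p in DEPRECATED]
        elif name == "ssl_ciphers":
            # "!RC4" starts with "!" and therefore never matches a weak token.
            findings += [f"ssl_ciphers allows weak token {t}"
                         for t in "".join(args).split(":") if t in WEAK_TOKENS]
    if "ssl_certificate" in seen and "ssl_protocols" not in seen:
        findings.append("ssl_protocols not set; the default depends on the nginx version")
    return findings

# Constructed sample configs (hypothetical certificate paths).
LEGACY = """
server {
    listen 443 ssl;
    ssl_certificate     /usr/local/nginx/cert/example.pem;
    ssl_certificate_key /usr/local/nginx/cert/example.key;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
"""
HARDENED = LEGACY.replace("TLSv1 TLSv1.1 TLSv1.2", "TLSv1.2 TLSv1.3").replace(":RC4", ":!RC4")

if __name__ == "__main__":
    for label, conf in (("legacy", LEGACY), ("hardened", HARDENED)):
        print(label, audit_tls(conf) or "no findings")
```

The parser is deliberately simple and does not handle quoted strings or `include` files; `nginx -t` remains the check for syntax.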

 

Open port 443

firewall-cmd --add-service=https --permanent
firewall-cmd --reload

 

Reference

http://blog.csdn.net/zhoutimo/article/details/51991427