配置nginx服务器的ssl证书要去nginx目录下中conf文件夹下的nginx.conf中寻找server,找到监听443端口的server,把#打开(即关闭掉注释),修改以下配置(仅供参考)
server {
listen 80;
listen 443;
server_name 1520.top;
root "D:\www\WEB";//ssl协议的根目录
ssl on;
ssl_certificate D:/phpStudy/PHPTutorial/nginx/conf/ssl/ssl.pem;
ssl_certificate_key D:/phpStudy/PHPTutorial/nginx/conf/ssl/1520.key;
ssl_session_timeout 5m;
#ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
index index.html index.htm index.php;
autoindex on;
}
location ~ \.php(.*)$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
include fastcgi_params;
}
}
ssl_certificate这个需要配置你的证书的crt或者pem文件(域名证书公钥),ssl_certificate_key这个配置你的(私钥).key文件!
此时你可以去在地址栏输入你配置的域名https//1520.top 地址栏则提示绿色安全标志(当然这个证书一定要是和域名匹配的正规机构颁发,如果使用OpenSSL则提示证书隐患,不信任导致不安全标志)!
window下朋友们注意下:在配置ssl证书的路径时候要使用("/"表示层级,不要使用"\"表示),简单来说就是使用url路径,不要使用文件路径(D:\www\a.key)比如这个路径在配置时候不能用否则将无法启动NGINX,包括Apache下配置也是无法启动的,需要使用(D:/www/a.key)这样才可以!就是使用url地址栏中斜线(正斜线,不要使用文件路径的反斜线)进行分割层级目录!导致我配置出错,找原因困扰很久的就是这个斜线问题!
当然你可能输入没有https:// 请求头无法进行跳转,此时在配置里面简单写一句
if ($server_port = 80) { # http强制跳转https
return 301 https://$server_name$request_uri;//301重定向到https
}
-----------------------------------------------------------------------
if ($scheme = http) { # http强制跳转https
return 301 https://$server_name$request_uri;//301重定向到https
}
-------------------------------------------------------------------------
任选其一,第一个判断端口,第二个判断协议
server {
listen 80;
listen 443;
server_name 1520.top;
root "D:\www\WEB";//ssl协议的根目录
ssl on;
ssl_certificate D:/phpStudy/PHPTutorial/nginx/conf/ssl/ssl.pem;
ssl_certificate_key D:/phpStudy/PHPTutorial/nginx/conf/ssl/1520.key;
ssl_session_timeout 5m;
#ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
if ($server_port = 80) { # http强制跳转https
return 301 https://$server_name$request_uri;//301重定向到https
}
location / {
index index.html index.htm index.php;
autoindex on;
}
location ~ \.php(.*)$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
include fastcgi_params;
}
}