标签:rsa cer targe ssl blog 版权 rewrite ast protocol
nginx 80端口重定向到443端口,也就是http访问自动跳转到https
配置如下:
一、按照如下格式修改nginx.conf 配置文件,80端口会自动转给443端口,这样就强制使用SSL证书加密了。访问http的时候会自动跳转到https上面。
server { listen 80; server_name www.域名.com; rewrite ^(.*)$ https://${server_name}$1 permanent; } server { listen 443; server_name www.域名.com; root /home/wwwroot; ssl on; ssl_certificate /etc/nginx/certs/server.crt; ssl_certificate_key /etc/nginx/certs/server.key; .... }
备注: ${server_name}可以换成$host
二、重启nginx。
三、示例(以下是我们生产的配置)
server { listen 80; server_name www.test.com; rewrite ^(.*)$ https://${server_name}$1 permanent; } server { listen 443; server_name www.test.com; ssl on; ssl_certificate /etc/pki/CA/certs/214321311540956.pem; ssl_certificate_key /etc/pki/CA/certs/214321311540956.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; index index.php index.htm index.html; error_page 404 /404.html; error_page 500 502 503 504 /50x.html; location ~ \.php { root /alidata/www/html; fastcgi_pass unix:/tmp/php-cgi.sock; fastcgi_index index.php; include fastcgi.conf; set $path_info ""; set $fastcgi_script_name_new $fastcgi_script_name; if ($fastcgi_script_name ~* "^(.+\.php)(/.+)$" ) { set $fastcgi_script_name_new $1; set $path_info $2; } fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name_new; fastcgi_param SCRIPT_NAME $fastcgi_script_name_new; fastcgi_param PATH_INFO $path_info; } location / { root /alidata/www/html; index index.php index.html index.htm; if (!-e $request_filename){ rewrite ^(.*)$ /index.php$1 last; } } }
标签:rsa cer targe ssl blog 版权 rewrite ast protocol
原文地址:https://www.cnblogs.com/jinanxiaolaohu/p/11367535.html
