Nginx配置SSL步骤

1. 把SSL证书上传到Nginx同级目录，创建文件夹cert下

 

2. 修改配置文件nginx.conf

增加

web主页配置

     server {

        listen 443 ssl default_server;

        server_name www.xxx.com; #填写绑定证书的域名

        ssl on;

        ssl_certificate cert/xxxx.crt;

        ssl_certificate_key cert/xxxx.key;

        ssl_session_timeout 5m;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置

        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置

        ssl_prefer_server_ciphers on;

        location / {

            root   /home/www/web; #站点目录

            index  index.html index.htm;

        }

    }

 

  Youdunyun 配置

 

  

server {

        listen 443;

        server_name xxx.xxx.com; #填写绑定证书的域名

        ssl on;

        ssl_certificate cert/xxxx.com.crt;

        ssl_certificate_key cert/STAR.yc927.com.key;

        ssl_session_timeout 5m;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置

        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置

        ssl_prefer_server_ciphers on;

        root   /home/www/xxx; #站点目录

        index index.php  index.html index.htm;

        client_max_body_size  2000m;

    #rewrite

     location / {

        try_files $uri @rewrite;

    }

    location @rewrite {

        set $static 0;

        if  ($uri ~ \.(css|js|jpg|jpeg|png|gif|ico|woff|eot|svg|css\.map|min\.map)$) {

                set $static 1;

        }

        if ($static = 0) {

                rewrite ^/(.*)$ /index.php?s=/$1;

        }

    }

    location ~ /Uploads/.*\.php$ {

        deny all;

    }

    location ~ \.php/ {

        if ($request_uri ~ ^(.+\.php)(/.+?)($|\?)) { }

        fastcgi_pass 127.0.0.1:9000;

        include fastcgi_params;

        fastcgi_param SCRIPT_NAME     $1;

        fastcgi_param PATH_INFO       $2;

        fastcgi_param SCRIPT_FILENAME $document_root$1;

    }

    location ~ \.php$ {

        fastcgi_pass 127.0.0.1:9000;

        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

        include fastcgi_params;

    }

    location ~ /\.ht {

        deny  all;

    }

    #rewrite结束

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$

    {

        expires      30d;

    }

    location ~ .*\.(js|css)?$

    {

        expires      12h;

    }

    location ~ /\.

    {

        deny all;

    }

    # access_log  /home/wwwlogs/access_tpblog.log  access;

    }

}

 

 

3. 保存配置，重启Nginx， service nginx reload

   如果启动错误 nginx: [emerg] unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf:196

出现这个错误说明没有将ssl模块编译进nginx，在configure的时候加上“–with-http_ssl_module”即可

 

####### 下载你当前版本的nginx包，并且解压 进到目录
./configure --with-http_ssl_module
####### 切记千万不要make install 那样就覆盖安装了
make
####### 将原来的nginx备份 备份之前先kill当前正在启动的nginx
cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
####### make之后会在当前目录生成 objs 目录
cp objs/nginx /usr/local/nginx/sbin/nginx
####### 然后重新启动nginx
/usr/local/nginx/sbin/nginx

 

 

4. 如果需要80端口默认到HTTPS 添加， 屏蔽旧的80端口配置

     server {

     listen 80;

     server_name www.xxx.com;

     #rewrite ^(.*) https://$server_name$1 permanent;

     rewrite ^(.*)$  https://$host$1 permanent;

   }