Nginx HTTPS configuration

Last updated: 2022-04-02 04:34:02

### Nginx HTTPS configuration

```shell
[root@iZuf6fvttmu9vkdbnencgpZ vhost]# vi yc-mv.tenpower.club.conf

server {
    # Enable the HTTPS port
    listen 443 ssl;
    server_name yc-mv.tenpower.club;
    access_log off;
    index index.html index.htm index.php;
    include /usr/local/nginx/conf/rewrite/thinkphp.conf;
    root /data/wwwroot/yc-mv.tenpower.club/public;

    # Certificate configuration
    #ssl on;
    ssl_certificate /usr/local/nginx/cert/yc-mv.tenpower.club/214076134390354.pem;
    ssl_certificate_key /usr/local/nginx/cert/yc-mv.tenpower.club/214076134390354.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients require them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    location ~ \.php {
        #fastcgi_pass remote_php_ip:9000;
        fastcgi_pass unix:/dev/shm/php-cgi.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        set $real_script_name $fastcgi_script_name;
        if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") {
            set $real_script_name $1;
            #set $path_info $2;
        }
        fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;
        fastcgi_param SCRIPT_NAME $real_script_name;
        #fastcgi_param PATH_INFO $path_info;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|ico)$ {
        expires 30d;
        access_log off;
    }

    location ~ .*\.(js|css)?$ {
        expires 7d;
        access_log off;
    }
}

server {
    # Accept plain HTTP on port 80
    listen 80;
    # Domain name to serve, without the protocol
    server_name yc-mv.tenpower.club;
    # Use the URL rewrite module to redirect non-HTTPS URLs to HTTPS
    rewrite ^/(.*) https://yc-mv.tenpower.club/$1 permanent;
}
```

**So the static resource server is configured like this:** it supports both HTTPS and HTTP access, with no redirect.

```shell
[root@iZuf6fvttmu9vkdbnencgpZ vhost]# vi static.tenpower.club.conf

server {
    listen 443 ssl;
    #listen 80;
    server_name static.tenpower.club;
    access_log off;
    index index.html index.htm index.php;
    #include /usr/local/nginx/conf/rewrite/none.conf;
    root /data/wwwroot/static.tenpower.club;

    ssl_certificate /usr/local/nginx/cert/static.tenpower.club/214076243630354.pem;
    ssl_certificate_key /usr/local/nginx/cert/static.tenpower.club/214076243630354.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    location ~ [^/]\.php(/|$) {
        #fastcgi_pass remote_php_ip:9000;
        fastcgi_pass unix:/dev/shm/php-cgi.sock;
        fastcgi_index index.php;
        include fastcgi.conf;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|ico)$ {
        expires 30d;
        access_log off;
    }

    location ~ .*\.(js|css)?$ {
        expires 7d;
        access_log off;
    }
}

server {
    listen 80;
    server_name static.tenpower.club;
    # No root is set in this block, so it uses the root inherited from the
    # http context (nginx default: html)
    #rewrite ^/(.*) https://yc-mv.tenpower.club/$1 permanent;
}
```

>[tip] Even with both protocols supported and no redirect configured, testing with browsers such as 360 and Google Chrome showed that once an https address has been visited, visiting the same address again without https also jumps to https. Surprisingly, the browser automatically helps the user reach the secure address. **This is the browser's own behaviour, not something configured on the web server.** It can be confusing during testing, so test with several different browsers.

* * * * *

Redirect the bare domain to www

```
server {
    listen 80;
    server_name www.123.com 123.com;
    access_log off;
    index index.html index.htm index.php;
    root /data/wwwroot/123.com;

    # Any host other than www.123.com is redirected to www.123.com
    if ($host != www.123.com) {
        return 301 $scheme://www.123.com$request_uri;
    }

    include /usr/local/nginx/conf/rewrite/none.conf;
    #error_page 404 /404.html;
    #error_page 502 /502.html;

    location ~ [^/]\.php(/|$) {
        #fastcgi_pass remote_php_ip:9000;
        fastcgi_pass unix:/dev/shm/php-cgi.sock;
        fastcgi_index index.php;
        include fastcgi.conf;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
        expires 30d;
        access_log off;
    }

    location ~ .*\.(js|css)?$ {
        expires 7d;
        access_log off;
    }

    location ~ /\.ht {
        deny all;
    }
}
```

>[tip] For more project configuration usage, see: [WebServer configuration · Web Development Best Practices · 看云](https://www.kancloud.cn/xiak/web-dev-best-practice/708059)

* * * * *

update time: 2018-8-8 23:02:13
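The main-site configuration at the top of this page enables TLS 1.0 and 1.1 and selects ciphers through broad OpenSSL aliases. The following is an added example, not the original author's configuration, showing the same two server blocks with those settings tightened. The host name and certificate paths are reused from the page; the explicit cipher list is a choice made for this example, and `TLSv1.3` assumes nginx 1.13.0 or later built against OpenSSL 1.1.1 or later.

```nginx
server {
    listen 443 ssl;
    server_name yc-mv.tenpower.club;
    access_log off;
    index index.html index.htm index.php;
    include /usr/local/nginx/conf/rewrite/thinkphp.conf;
    root /data/wwwroot/yc-mv.tenpower.club/public;

    ssl_certificate     /usr/local/nginx/cert/yc-mv.tenpower.club/214076134390354.pem;
    ssl_certificate_key /usr/local/nginx/cert/yc-mv.tenpower.club/214076134390354.key;
    ssl_session_timeout 5m;

    # Before: ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996). Remove TLSv1.3 from this
    # line if the installed nginx/OpenSSL build does not support it.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Before: ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4
    # The AES and HIGH aliases also admit CBC-mode suites and static-RSA key
    # exchange (no forward secrecy). Name only ECDHE + AEAD suites instead.
    # This list governs TLS 1.2; TLS 1.3 suites are chosen by OpenSSL separately.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    # The PHP and static-file location blocks from the page's configuration
    # go here unchanged.
}

server {
    listen 80;
    server_name yc-mv.tenpower.club;

    # Before: rewrite ^/(.*) https://yc-mv.tenpower.club/$1 permanent;
    # return issues the same 301 without evaluating a regex and reuses the
    # request URI exactly as received.
    return 301 https://yc-mv.tenpower.club$request_uri;
}
```

After editing, `nginx -t` validates the syntax before a reload, and `openssl s_client -connect yc-mv.tenpower.club:443 -tls1_1` should then fail to complete a handshake.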