Nginx https配置
最后更新于:2022-04-02 04:34:02
### Nginx https配置
```shell
[root@iZuf6fvttmu9vkdbnencgpZ vhost]# vi yc-mv.tenpower.club.conf
server {
# 开启https端口
listen 443 ssl;
server_name yc-mv.tenpower.club;
access_log off;
index index.html index.htm index.php;
include /usr/local/nginx/conf/rewrite/thinkphp.conf;
root /data/wwwroot/yc-mv.tenpower.club/public;
# 证书配置
#ssl on;
ssl_certificate /usr/local/nginx/cert/yc-mv.tenpower.club/214076134390354.pem;
ssl_certificate_key /usr/local/nginx/cert/yc-mv.tenpower.club/214076134390354.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location ~ \.php {
#fastcgi_pass remote_php_ip:9000;
fastcgi_pass unix:/dev/shm/php-cgi.sock;
fastcgi_index index.php;
include fastcgi_params;
set $real_script_name $fastcgi_script_name;
if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") {
set $real_script_name $1;
#set $path_info $2;
}
fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;
fastcgi_param SCRIPT_NAME $real_script_name;
#fastcgi_param PATH_INFO $path_info;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|ico)$ {
expires 30d;
access_log off;
}
location ~ .*\.(js|css)?$ {
expires 7d;
access_log off;
}
}
server {
# 支持web 80端口访问
listen 80;
# 配置访问域名 不包含协议
server_name yc-mv.tenpower.club;
# 使用url重写模块重写url 访问非https的url重定向到http上去
rewrite ^/(.*) https://yc-mv.tenpower.club/$1 permanent;
}
```
**所以静态资源服务器的这么配置:**
同时支持 https 和 http 访问,不做重定向。
```shell
[root@iZuf6fvttmu9vkdbnencgpZ vhost]# vi static.tenpower.club.conf
server {
listen 443 ssl;
#listen 80;
server_name static.tenpower.club;
access_log off;
index index.html index.htm index.php;
#include /usr/local/nginx/conf/rewrite/none.conf;
root /data/wwwroot/static.tenpower.club;
ssl_certificate /usr/local/nginx/cert/static.tenpower.club/214076243630354.pem;
ssl_certificate_key /usr/local/nginx/cert/static.tenpower.club/214076243630354.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location ~ [^/]\.php(/|$) {
#fastcgi_pass remote_php_ip:9000;
fastcgi_pass unix:/dev/shm/php-cgi.sock;
fastcgi_index index.php;
include fastcgi.conf;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|ico)$ {
expires 30d;
access_log off;
}
location ~ .*\.(js|css)?$ {
expires 7d;
access_log off;
}
}
server {
listen 80;
server_name static.tenpower.club;
#rewrite ^/(.*) https://yc-mv.tenpower.club/$1 permanent;
}
```
>[tip] 即使配置为两者同时支持,不做跳转处理,在使用360和谷歌等浏览器测试时发现,如果访问过https的地址,再次访问不加https的地址也会跳转到https上去,它竟然会自动帮助用户访问安全的地址,**这是浏览器自己的行为,而不是web服务器这样配置的,** 这可能会给我们测试时带来困惑,所以要多换几个浏览器测试一下。
* * * * *
不加www跳转到加www
```
server {
listen 80;
server_name www.123.com 123.com;
access_log off;
index index.html index.htm index.php;
root /data/wwwroot/123.com;
if ($host != www.123.com) { return 301 $scheme://www.123.com$request_uri; }
include /usr/local/nginx/conf/rewrite/none.conf;
#error_page 404 /404.html;
#error_page 502 /502.html;
location ~ [^/]\.php(/|$) {
#fastcgi_pass remote_php_ip:9000;
fastcgi_pass unix:/dev/shm/php-cgi.sock;
fastcgi_index index.php;
include fastcgi.conf;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
expires 30d;
access_log off;
}
location ~ .*\.(js|css)?$ {
expires 7d;
access_log off;
}
location ~ /\.ht {
deny all;
}
}
```
>[tip] 更多项目配置用法参见:[WebServer配置 · web开发最佳实践 · 看云](https://www.kancloud.cn/xiak/web-dev-best-practice/708059)
* * * * *
### 参考
- [微信小程序Server端环境配置详解(SSL……](http://www.myhack58.com/Article/sort099/sort0102/2017/83246.htm)
- [Nginx环境下http和https(ssl)共存的方法](http://jingyan.baidu.com/article/b87fe19e9a309b5218356818.html)
- [Nginx配置同一个域名同时支持http与https两种方式访问 - 周伯通的麦田 - 博客园](https://www.cnblogs.com/phpper/p/6441475.html)
- [Nginx配置实现CORS | youyu岁月](http://www.itzh.org/2017/12/25/CORS_config_for_nginx/)
* * * * *
update time:2018-8-8 23:02:13
';