#设置https 访问
server { listen 443; server_name www.xxx.com; access_log xxx/xxx/xxx.log combined; index index.html index.htm index.php; include /etc/nginx/default.d/*.conf; root /xxx/xxx/xxx/www.xxx.com; ssl on; ssl_certificate /usr/local/nginx/conf/ssl/server.pem; ssl_certificate_key /usr/local/nginx/conf/ssl/server.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDH:AESGCM:HIGH:!RC4:!DH:!MD5:!aNULL:!eNULL; ssl_prefer_server_ciphers on; location ~ [^/].php(/|$) { #fastcgi_pass remote_php_ip:9000; fastcgi_pass unix:/dev/shm/php-cgi.sock; fastcgi_index index.php; include fastcgi.conf; } location ~ .*.(gif|jpg|jpeg|png|bmp|swf|flv|ico)$ { expires 30d; access_log off; } location ~ .*.(js|css)?$ { expires 7d; access_log off; } }
将http请求强制转换为https
server { listen 80; server_name www.xxx.com; access_log xxx/xxx/xxx.log combined; index index.html index.htm index.php; include /etc/nginx/default.d/*.conf; rewrite ^(.*) https://$server_name$1 permanent; location ~ [^/].php(/|$) { #fastcgi_pass remote_php_ip:9000; fastcgi_pass unix:/dev/shm/php-cgi.sock; fastcgi_index index.php; include fastcgi.conf; } location ~ .*.(gif|jpg|jpeg|png|bmp|swf|flv|ico)$ { expires 30d; access_log off; } location ~ .*.(js|css)?$ { expires 7d; access_log off; } }
证书需要购买,淘宝便宜;