http段
# 禁止通过ip地址访问 server { listen 80 default_server; listen [::]:80 default_server; server_name _; return 400; } # 允许通过域名访问-自动跳转到https server { listen 80; server_name 你的域名.com; rewrite ^(.*) https://$server_name$1 permanent; }
https段
# 禁止通过ip地址访问-https server { listen 443 ssl default_server; listen [::]:443 ssl default_server; #ssl on; ssl_certificate 3935979_www.slience.com.pem; ssl_certificate_key 3935979_www.slience.com.key; server_name _; return 400; } server { listen 443 ssl; #监听端口 server_name 你的域名.com; #域名 index index.html index.htm index.php; ssl_certificate # 你的证书.pem; ssl_certificate_key 你的证书key.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; root /home/web/html; # 你的站点目录 location ~ .*.(php|php5)?$ { #fastcgi_pass unix:/tmp/php-cgi.sock; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi.conf; } location ~ .*.(gif|jpg|jpeg|png|bmp|swf|ico)$ { expires 30d; # access_log off; } location ~ .*.(js|css)?$ { expires 15d; # access_log off; } access_log off; }