End.

nginx发布配置https协议,并发布PHP站点

2018-08-29 12:41 所属:Nginx 阅读数:907

nginx配置可参考《centos7 搭建 LNMP环境 (PHP7、Mysql5.7)

1. https,SSL走的是443端口,所以listen设置 443;

2. SSL,CA会颁发证书,包含crt文件和key文件;

3. ssl_certificate 填写 crt文件在centos的路径;

4. ssl_certificate_key 填写 key文件在centos的路径;

5. location ~ .php$ {} 里面的fastcgi_param HTTPS需要开启,因为nginx默认是走http协议连接php-fpm的,我们要开启https连接php-fpm。

如下是测试通过的配置:

server {
     listen 443;
     server_name www.test.com;
     ssl on;
     ssl_certificate 1_www.test.com_bundle.crt;
     ssl_certificate_key 2_www.test.com.key;
     ssl_session_timeout 5m;
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
     ssl_prefer_server_ciphers on;
     location / {
         root   /usr/share/nginx/html/test;
         index  index.html index.htm;
     }
     
     location ~ .php$ {
          try_files $uri =404;
          root /usr/share/nginx/html/test;
          fastcgi_pass 127.0.0.1:9000;
          fastcgi_index index.php;
          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
          include fastcgi.conf;
          fastcgi_param HTTPS on;
     }
 }

the End.

End.