2016-08-17更新nginx配置
server { listen 80; server_name blog.xesygao.com; #http请求自动跳转到https return 301 https://blog.xesygao.comrequest_uri; } server { #https证书 listen 443 ssl; ssl_certificate /etc/letsencrypt/live/xesygao.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/xesygao.com/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL; server_name blog.xesygao.com; #charset koi8-r; #access_log /var/log/nginx/log/host.access.log main; location / { root /var/www/html/blog; index index.php index index.html index.htm; #wordpress伪静态(解决固定链接404) try_filesuri uri/ /index.php; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ .php { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # location ~ .php{ root /var/www/html/blog; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAMEdocument_root$fastcgi_script_name; include fastcgi_params; } # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /.ht { # deny all; #} }
前几天本站启用了https,用的是let's Encrypt提供的免费证书,有效期为90天,到期前更新一下就好(可以用计划任务自动更新)
简单记录下启用https的过程
这里用到的是let's Encrypt官方提供的工具certbot
选择自己的服务器软件和服务器系统之后按照步骤就好了,具体就不详细说明了
本人的系统环境是centos6.5+apache
在此备份下
1.在/etc/httpd/conf/httpd.conf加入
NameVirtualHost *:443
2.https虚拟主机配置
打开/etc/httpd/conf.d/ssl.conf
配置模板
<VirtualHost *:443> ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log LogLevel warn SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES SSLCertificateFile /etc/letsencrypt/live/www.xesygao.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/www.xesygao.com/privkey.pem <Files ~ “.(cgi|shtml|phtml|php3?)$”> SSLOptions +StdEnvVars </Files> <Directory “/var/www/cgi-bin”> SSLOptions +StdEnvVars </Directory> SetEnvIf User-Agent “.*MSIE.*” nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 CustomLog logs/ssl_request_log “%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x ”%r” %b” DocumentRoot /var/www/html/blog ServerName blog.xesygao.com SSLCertificateChainFile /etc/letsencrypt/live/www.xesygao.com/chain.pem </VirtualHost>
Comments | Nothing