之前都用惯了阿里云购买的负载均衡直接配置https,最近要试试服务器本地配置https,回顾一下,文件多余参数不做赘述。
首先是80端口的配置文件,如不需要忽略。
server
{
listen 80;
server_name www.xxxx.com; //你的域名
index index.html index.htm index.php default.html default.htm default.php;
root /home/wwwroot/xxx/; //项目根目录
client_max_body_size 1000M;
include rewrite/none.conf;
include enable-php-pathinfo.conf;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /.well-known {
allow all;
}
location ~ /\.
{
deny all;
}
}然后是443端口,也就是https域名配置。
server
{
listen 443 ssl http2;
#listen [::]:443 ssl http2;
server_name www.xxx.com; //你的域名
index index.html index.htm index.php default.html default.htm default.php;
root /home/wwwroot/xxx/; //项目根路径
ssl_certificate /usr/local/nginx/cert/xxx.com.pem; //证书路径
ssl_certificate_key /usr/local/nginx/cert/xxx.com.key; //证书路径
include rewrite/none.conf;
#error_page 404 /404.html;
# Deny access to PHP files in specific directory
#location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
include enable-php.conf;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /.well-known {
allow all;
}
location ~ /\.
{
deny all;
}
access_log off;
}