centos nginx https 配置

qigebao 2019-05-22 原文

1,如果想配置一个域名到指定目录咋弄呢?下面这个

server {
        listen  80;    
        server_name 这里换成你的域名,例如baidu.com;    
        set $root_path '/home/wwwroot/tapai_html/';    
        root $root_path;
        
        index index.html index.php index.htm;    
        
        # rewrite ^(.*) https://$server_name;
        try_files $uri $uri/ @rewrite;    
        

        location @rewrite {    
            rewrite ^/(.*)$ /index.php?_url=/$1;    
        }    
        
        location ~ \.php {    
        
            fastcgi_pass 127.0.0.1:9000;    
            fastcgi_index /index.php;    
        
            fastcgi_split_path_info       ^(.+\.php)(/.+)$;    
            fastcgi_param PATH_INFO       $fastcgi_path_info;    
            fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;    
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;    
            include                       fastcgi_params; 
        }   

        # location /imgtext_detail {
                # proxy_pass /home/wwwroot/tapai_html/imgtext_detail;
                # proxy_pass http://127.0.0.1:9000/imgtext_detail/;
        # }

        location ~* ^/(css|img|js|flv|swf|download)/(.+)$ {    
            root $root_path;    
        }    
        
        location ~ /\.ht {    
            deny all;    
        }    
    }

2,如果想让这个域名同时也支持https访问,该咋办呢?下面这个server和上面的server同时在就好了

server {
       listen       443;
       listen       [::]:443;
       server_name  这里换成你的域名,例如baidu.com;
       root         /home/wwwroot/tapai_html/;

       ssl on; 
    #    ssl_session_tickets off;
       ssl_certificate "/etc/nginx/ssl/这里换成证书.crt"; #也有可能是.pem结尾的
       ssl_certificate_key "/etc/nginx/ssl/这里换成秘钥.key";
       ssl_session_cache shared:SSL:1m;
       ssl_session_timeout  10m;
       ssl_ciphers HIGH:!aNULL:!MD5;
       ssl_prefer_server_ciphers on;

       # Load configuration files for the default server block.
       include /etc/nginx/default.d/*.conf;

       error_page 404 /404.html;
           location = /40x.html {
       }

       error_page 500 502 503 504 /50x.html;
           location = /50x.html {
       }
   }

3,如果想让同个ip,支持两个https域名,该咋办呢?把上面server复制一份,把里面的server_name 换成另一个域名,并且把证书和秘钥路径改一下就行了

server {
       listen       443;
       listen       [::]:443;
       server_name  这里配置另一个域名,比如qq.com;
       root         /home/wwwroot/tapai_html/;

       ssl on; 
    #    ssl_session_tickets off;
       ssl_certificate "/etc/nginx/ssl/这里换成此域名对应的证书.pem";
       ssl_certificate_key "/etc/nginx/ssl/这里换成此域名对应的秘钥.key";
       ssl_session_cache shared:SSL:1m;
       ssl_session_timeout  10m;
       ssl_ciphers HIGH:!aNULL:!MD5;
       ssl_prefer_server_ciphers on;

       # Load configuration files for the default server block.
       include /etc/nginx/default.d/*.conf;

       error_page 404 /404.html;
           location = /40x.html {
       }

       error_page 500 502 503 504 /50x.html;
           location = /50x.html {
       }
   }