版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/qq_41179401/article/details/86104881
环境是使用lnmp一键安装包搭建的;
1 首先去这个网站下载证书:免费ssl证书
最终会得到两个文件
2:在/usr/local/nginx/conf创建cert目录把这两个文件放进去,这个地址后面有用。
编辑/usr.local/nginx/conf/nginx.conf:添加下面这段:
server {
listen 443;
server_name www.domain.cn; #这里改成你的
ssl on;
root /home/wwwroot/default; #你的地址
#下面两个是上面下载的两个文件地址
ssl_certificate /usr/local/nginx/conf/cert/full_chain.pem;
ssl_certificate_key /usr/local/nginx/conf/cert/private.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on;
index index.php index.html index.htm; # 优先解析php文件 # 匹配后缀为php的文件
location ~ \.php?.*$
{
root /home/wwwroot/default; # 设置网站根目录
fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
include fastcgi_params;
}
location /nginx_status
{
stub_status on; access_log off;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /\.
{
deny all;
}
access_log /home/wwwlogs/access.log;
}
注意最终格式是http:{server{}}不要把这段写在http外面了
access_log /home/wwwlogs/access.log;写一遍就行了