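This post installs OpenSSL-1.0.1j on CentOS-6.5 with Nginx-1.6.0 and configures a free WoSign SSL certificate for the WordPress admin area. Because Nginx was originally installed without OpenSSL by default, Nginx has to be recompiled.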
1. Preparation before installing: download the source code

    # Tianya PHP Blog http://blog.phpha.com
    [root@PHPHa ~]# wget http://nginx.org/download/nginx-1.6.0.tar.gz
    [root@PHPHa ~]# wget http://www.openssl.org/source/openssl-1.0.1j.tar.gz
    [root@PHPHa ~]# tar -zxf nginx-1.6.0.tar.gz
    [root@PHPHa ~]# tar -zxf openssl-1.0.1j.tar.gz

2. Compile and install OpenSSL-1.0.1j

    [root@PHPHa ~]# cd openssl-1.0.1j
    [root@PHPHa openssl-1.0.1j]# ./config shared zlib
    [root@PHPHa openssl-1.0.1j]# make
    [root@PHPHa openssl-1.0.1j]# make install

3. Recompile Nginx-1.6.0

    [root@PHPHa ~]# cd nginx-1.6.0
    [root@PHPHa nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-openssl=/root/openssl-1.0.1j --with-http_ssl_module
    [root@PHPHa nginx-1.6.0]# make

Note: only the compile step is needed here. If you go on to run make install, Nginx is reinstalled and the previous configuration is overwritten.
4. Reconfigure Nginx

The configuration of Tianya PHP Blog is used as the example below.

    [root@PHPHa nginx]# vim nginx.conf
    #===================================================
    # http://blog.phpha.com
    server
    {
        listen 80;
        server_name blog.phpha.com;
        index index.html index.php;
        root /home/wwwroot/blog.phpha.com;
        # Enable HTTPS only for the WordPress admin area
        rewrite ^/wp-admin(.*)$ https://$host/wp-admin$1 permanent;
        # WordPress rewrite configuration
        if (!-e $request_filename) {
            rewrite (.*) /index.php;
        }
        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
        location ~ .*\.(jpg|png|gif|jpeg|bmp|swf)$ {
            expires 30d;
            access_log off;
        }
        location ~ .*\.(js|css)?$ {
            expires 12h;
            access_log off;
        }
        access_log off;
    }
    #===================================================
    # https://blog.phpha.com
    server
    {
        listen 443;
        server_name blog.phpha.com;
        root /home/wwwroot/blog.phpha.com;
        index index.html index.php;
        # SSL configuration
        ssl on;
        ssl_certificate 1_blog.phpha.com_bundle.crt;    # certificate (public key)
        ssl_certificate_key 2_blog.phpha.com.key;       # certificate private key
        ssl_session_timeout 5m;
        ssl_protocols SSLv3 TLSv1;
        ssl_ciphers HIGH:!ADH:!EXPORT56:RC4+RSA:+MEDIUM;
        ssl_prefer_server_ciphers on;
        # WordPress rewrite configuration
        if (!-e $request_filename) {
            rewrite (.*) /index.php;
        }
        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
        location ~ .*\.(jpg|png|gif|jpeg|bmp|swf)$ {
            expires 30d;
            access_log off;
        }
        location ~ .*\.(js|css)?$ {
            expires 12h;
            access_log off;
        }
        access_log off;
    }
    #===================================================
    [root@PHPHa nginx]# service nginx reload

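The check below is an added example, not part of the original post: it audits the ssl_protocols and ssl_ciphers values used in the HTTPS server block above. STRICT_BLOCK and the keyword lists are constructed assumptions, and treating SSLv3, RC4 and a missing TLSv1.2 as findings is this example's policy, not the author's.

```python
import re

# Constructed input: the TLS directives from the page's HTTPS server block.
PAGE_BLOCK = """
server {
    listen 443;
    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers HIGH:!ADH:!EXPORT56:RC4+RSA:+MEDIUM;
}
"""

# Constructed input: an assumed stricter variant, not taken from the page.
STRICT_BLOCK = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5:!RC4;
}
"""

# Assumed policy lists for this example (deliberately short, not exhaustive).
WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}
WEAK_WORDS = {"RC4", "MD5", "DES", "3DES", "NULL", "eNULL", "aNULL",
              "EXPORT", "LOW", "MEDIUM"}

def directive(conf, name):
    """Return the argument tokens of the first `name ...;` directive."""
    text = re.sub(r"#[^\n]*", "", conf)  # drop nginx comments
    m = re.search(r"(?:^|[;{}\s])" + re.escape(name) + r"\s+([^;{}]+);", text)
    return m.group(1).split() if m else []

def audit_tls(conf):
    protocols = directive(conf, "ssl_protocols")
    findings = ["protocol %s enabled" % p for p in protocols if p in WEAK_PROTOCOLS]
    if protocols and "TLSv1.2" not in protocols:
        findings.append("TLSv1.2 not enabled")
    for token in "".join(directive(conf, "ssl_ciphers")).split(":"):
        # In an OpenSSL cipher string '!' and '-' remove suites and a leading
        # '+' only reorders them; a bare token adds suites ('+' inside = AND).
        if token and token[0] not in "!-+":
            weak = sorted(set(token.split("+")) & WEAK_WORDS)
            if weak:
                findings.append("cipher token %s adds %s" % (token, ",".join(weak)))
    return findings

if __name__ == "__main__":
    for label, conf in (("page", PAGE_BLOCK), ("strict", STRICT_BLOCK)):
        print(label, audit_tls(conf) or "no findings")
```

Nginx accepts the TLSv1.1 and TLSv1.2 parameters of ssl_protocols only when built against OpenSSL 1.0.1 or later, which the build in step 3 satisfies.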
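Summary: at this point, visiting the WordPress admin area (that is, a URL containing wp-content) is automatically redirected to a secure HTTPS connection, while the front end is still served over HTTP. The front end can of course also be accessed over HTTPS, but there is no need.
First, HTTPS makes the site slower to access; second, Baidu and other search engines apparently do not index HTTPS links. So there is no need at all to force the front end of the site onto HTTPS.
Demo: visiting http://blog.phpha.com/wp-admin automatically redirects to https://blog.phpha.com/wp-admin
Addendum: Tianya PHP Blog uses a free WoSign certificate (https://www.zzidc.com/SSL); you can apply for one to test with.
Recommendation: if you need help with any SSL question, you can contact Tianya's friend directly [QQ537008042]; mention that you came from Tianya PHP Blog to get preferential treatment (you know what I mean).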