linux centos nginx 环境下配置 ssl 证书

#说明:申请ssl 时候需要先关闭转跳到443,默认到80端口,否则验证证书过慢或者无法通过
[root@eisc ~]# cat /www/server/panel/vhost/nginx/eisc.conf
server
{
    listen 443 ssl;
    listen 80;
# 需要同时监听 80 和 443端口,否则在转跳的时候出现无法访问
    server_name www.eisc.cn eisc.cn;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/www;
    include enable-php-72.conf;
    include /www/server/panel/vhost/rewrite/www.eisc.cn.conf;
#-------- 证书配置 ---------#
ssl_certificate /www/wwwroot/www/ssl443/4862920_eisc.cn.pem;
ssl_certificate_key /www/wwwroot/www/ssl443/4862920_eisc.cn.key;
# 证书的绝对路径 也可以 ./ssl443/   当前目录下的文件
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

#------- ssl 301 转跳 -----#
    if ($server_port = 80){
          rewrite ^(/.*)$ https://$host$1 permanent;
       }

    if ($server_port = 80){
          rewrite ^(/cs/.*)$ http://work.eisc.cn$1 permanent;
       }
#----------------------------#
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
    {
        return 404;
    }
    location ~ \.well-known{
        allow all;
    }
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires      30d;
        error_log off;
        access_log /dev/null;
    }
    location ~ .*\.(js|css)?$
    {
        expires      12h;
        error_log off;
        access_log /dev/null;
    }
    access_log  /www/wwwlogs/www.eisc.cn.log;
    error_log  /www/wwwlogs/www.eisc.cn.error.log;
}

上一篇:linux centos 远程无法登录自动检测shell脚本


下一篇:极速生成缩略图,Serverless 支撑赛事转播锁定冬奥亮点