yum方式安装nginx,配置https站点

直接丢配置文件

 server
    {
        listen 80;
        #listen [::]:80;
        server_name xx.com;
        rewrite ^(.*) https://$host$1 permanent;
        index index.html index.htm index.php default.html default.htm default.php;
        root  /home/wwwroot/xx.com;

        #error_page   404   /404.html;
        #include proxy-pass-php.conf;
       location / { 
         index index.php index.html index.htm ; 
             try_files $uri $uri/ /index.php?$query_string;
        }

        location ~ \.php$ {
             root /home/wwwroot/xx.com; #指定php的根目录
             fastcgi_pass 127.0.0.1:9000;#php-fpm的默认端口是9000
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
             include fastcgi_params;
        }
       location ~ /.well-known {
            allow all;
        }

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }

        location ~ /\.
        {
            deny all;
        }

        access_log off;
    }
server
    {
         listen 443;
        server_namexx.com; #填写绑定证书的域名
    root  /home/wwwroot/xx.com;
        index index.html index.htm index.php default.html default.htm default.php;
    ssl on;
        ssl_certificate /home/wwwroot/xx.com/1_xx.com_bundle.crt;
        ssl_certificate_key /home/wwwroot/xx.com/2_xx.com.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置
        ssl_prefer_server_ciphers on;
        location / {
        try_files $uri $uri/ /index.php$is_args$query_string;
        }
         location ~ \.php$ {
             root /home/wwwroot/xx.com/public; #指定php的根目录
             fastcgi_pass 127.0.0.1:9000;#php-fpm的默认端口是9000
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
             include fastcgi_params;
        }

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\.
        {
            deny all;
        }

        access_log off;
    }

其中 include fastcgi_params;

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REQUEST_SCHEME     $scheme;
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;