Nginx PHP7 配置伪静态 SSL证书
作者:
叫我null | 来源:发表于
2020-04-09 10:58 被阅读0次
一、准备目录:
- 根目录:/var/www/html/
- 站点目录:/var/www/html/shop
- 证书目录:/etc/nginx/cert
- php-fpm 端口:9000
- 日志目录:/var/www/logs
二、Nginx配置:
cat shop.conf
server {
server_name domain.com;
listen 443 ssl;
ssl on;
ssl_certificate /etc/nginx/cert/domain.com.crt;
ssl_certificate_key /etc/nginx/cert/domain.com.key;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; # HSTS
add_header X-Frame-Options DENY;
ssl_dhparam /etc/nginx/cert/dhparam.pem;
add_header X-Content-Type-Options nosniff;
ssl_session_tickets off; # nginx >= 1.5.9
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
error_log /var/www/logs/shop_error.log crit;
client_max_body_size 10m;
root /var/www/html/shop;
index index.php;
location ~ \.php(.*)$ {
fastcgi_pass php:9000;
fastcgi_index index.php;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
include fastcgi_params;
}
location ^~ /Runtime {
deny all;
}
}
server {
listen 80;
server_name domain.com;
return 301 https://$server_name$request_uri;
}
本文标题:Nginx PHP7 配置伪静态 SSL证书
本文链接:https://www.haomeiwen.com/subject/znmqmhtx.html
网友评论