NGINX配置SSL 

listen 80;
        listen [::]:80;

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;
        
        ssl_certificate   /source/cert/SERVER_NAME.pem;
        ssl_certificate_key  /source/cert/SERVER_NAME.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;   

        root /source/html/www;

        # Add index.php to the list if you are using PHP
        index index.html index.php;

        server_name SERVER_NAME;

        #强制将http的URL重写成https
        # rewrite ^(.*) https://$server_name$1 permanent;
 
        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }

         location ~ [^/]\.php(/|$)
        {
                fastcgi_pass unix:/run/php/php7.4-fpm.sock;
                fastcgi_index index.php;
                include fastcgi.conf;


                set $fastcgi_script_name2 $fastcgi_script_name;
                if ($fastcgi_script_name ~ "^(.+\.php)(/.+)$") {
                        set $fastcgi_script_name2 $1;
                        set $path_info $2;
                }

                real_ip_header X-Forwarded-For;

                fastcgi_param   HTTP_X_FORWARDED_FOR $http_x_forwarded_for;
                fastcgi_param   PATH_INFO $path_info;
                fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name2;
                fastcgi_param   SCRIPT_NAME $fastcgi_script_name2;
        }

 

server {
        listen 443 ssl;
        listen [::]:443 ssl;
        # SSL configuration
                                                                                                                              
         ssl_certificate   /source/cert/SERVER_NAME.pem;
        ssl_certificate_key  /source/cert/SERVER_NAME.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

        root /source/html/www;

        # Add index.php to the list if you are using PHP
        index index.html index.php;
       
        server_name SERVER_NAME;
       
        location / {
                try_files $uri $uri/ =404;
        }
       
}

 

posted @ 2025-03-05 16:08  Lee_Yong  阅读(14)  评论(0)    收藏  举报