在宝塔中nginx配置https

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
server

{
listen 80;
listen 443;
server_name wn789.xin www.wn789.xin;
index index.php index.html index.htm default.php default.htm default.html;
root /www/wwwroot/wn789.xin;

if ($scheme = http ) { #http自动跳转到https
return 301 https://$host$request_uri; #http自动跳转到https
} #http自动跳转到https

#error_page 404/404.html;
error_page 404 /404.html;
error_page 502 /502.html;

ssl on; #需要添加
ssl_certificate /etc/1_www.wn789.xin_bundle.crt; #需要添加（这里是你的.pem文件地址）
ssl_certificate_key /etc/2_www.wn789.xin.key; #需要添加（这里是你的.key文件地址）
ssl_session_timeout 5m;  #需要添加
ssl_protocols SSLv2 SSLv3 TLSv1;  #需要添加
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;  #需要添加
ssl_prefer_server_ciphers on;  #需要添加

include enable-php-54.conf;
include rewrite/wn789.xin.conf;
location ~ .*.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
access_log on;
}
location ~ .*.(js|css)?$
{
expires 12h;
access_log on;
}
access_log /www/wwwlogs/wn789.xin.log;
}

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
# 本地调试模拟域名
server{
    # gzip用来压缩前端文件体积
    gzip on;
    gzip_min_length  1024;
    gzip_buffers     4 16k;
    gzip_comp_level 9;
    gzip_types       text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png application/javascript;
    gzip_vary on;

    # 上传文件大小
    client_max_body_size 5m;
    listen       80;
    # 输入您的域名 t.fashop.cn 只为演示代码，如果您没有域名可以在本地的host里进行模拟，加一行 127.0.0.1 t.fashop.cn，这样就拦截了这个域名跳到本地项目，请尽可能的模拟线上环境
    server_name  fa.ypyunedu.com;

    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;

    # 映射到swoole端口
    location / {
        proxy_pass http://127.0.0.1:9510;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_connect_timeout 300s;
        proxy_send_timeout 300s;
        proxy_read_timeout 300s;

    }
#我添加的配置开始
	listen 443;
	if ($scheme = http ) { #http自动跳转到https
return 301 https://$host$request_uri; #http自动跳转到https
} #http自动跳转到https

ssl on; #需要添加

ssl_certificate /etc/2284122_fa.ypyunedu.com.pem; #需要添加（这里是你的.pem文件地址）
ssl_certificate_key /etc/2284122_fa.ypyunedu.com.key; #需要添加（这里是你的.key文件地址）
ssl_session_timeout 5m;  #需要添加
ssl_protocols SSLv2 SSLv3 TLSv1;  #需要添加
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;  #需要添加
ssl_prefer_server_ciphers on;  #需要添加
#我添加的配置结束
	
    # 上传资源
    location ~/Upload/.*.(gif|jpg|jpeg|png|txt|mp3|mp4|rmvb|mkv|avi|mov|MOV|json|ico|css|js)$ {
        root /www/wwwroot/fashop/;
    }

    # 前端项目资源匹配
    location ~/manifest.json$ {
         root /www/wwwroot/fashop/a/;
    }
    # 前端项目资源匹配
    location ~/favicon.ico$ {
          root /www/wwwroot/fashop/a/;
    }
    # 前端项目资源匹配
    location ~/logo.png {
          root /www/wwwroot/fashop/a/;
    }
    # 前端项目资源匹配
    location ~/logo-black.png {
          root /www/wwwroot/fashop/a/;
    }
    # 前端项目资源匹配
    location ~/static/.*.(gif|jpg|jpeg|png|txt|mp3|mp4|rmvb|mkv|avi|mov|MOV|json|ico|css|js)$ {
        root /www/wwwroot/fashop/a/;
    }
    # 前端项目资源匹配
    location ~(/a$|/a/) {
        root /www/wwwroot/fashop/;
        try_files $uri /a/index.html;
    }
}