nginx 1.20.1 + PHP-FPM 腾讯云服务器配置HTTPS详细配置文件
本文最后更新于 403 天前,其中的信息可能已经有所发展或是发生改变。

系统:Centos 7

后台:nginx 1.20.1 +PHP7.4 (8.0+也通用)

这里以本站herek.asia为例

如果是yum安装的nginx,默认的配置文件目录在/etc/nginx/

不多说了,直接上代码

nginx.conf:

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80;
        listen       [::]:80;
        #填写绑定证书的域名
        server_name  herek.asia;
        #重定向HTTP请求到HTTPS
        rewrite ^(.*) https://$server_name$1 permanent;
    }

# Settings for a TLS enabled server.

   server {
       listen       443 ssl http2;
       listen       [::]:443 ssl http2;
       #填写绑定证书的域名
       server_name  herek.asia;
       root         /usr/share/nginx/html;
       index index.php;
        
       ssl_certificate "1_herek.asia_bundle.crt";
       ssl_certificate_key "2_herek.asia.key";
       ssl_session_cache shared:SSL:1m;
       ssl_session_timeout  10m;
       ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
       ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
       ssl_prefer_server_ciphers on;

       # Load configuration files for the default server block.
       include /etc/nginx/default.d/*.conf;

       location ~ \.php$ {
       try_files $uri =404;
       fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
       fastcgi_index index.php;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       include fastcgi_params;
       }

       location / {
       try_files $uri $uri/ /index.php?$query_string;
       }

       error_page 404 /404.html;
           location = /40x.html {
       }

       error_page 500 502 503 504 /50x.html;
           location = /50x.html {
       }
   }

}

需要注意的是,我这里将证书.crt和.key文件放在了和配置文件的相同目录,如果放在其他目录,需要修改的话将双引号内文件名换成绝对目录地址即可。

最后,重启nginx服务以及php-fpm服务以让修改生效。

systemctl restart nginx php-fpm

评论

  1. 王俊凯
    1年前
    2021-10-24 10:59:15

    真好,找了好久了

发送评论 编辑评论


				
|´・ω・)ノ
ヾ(≧∇≦*)ゝ
(☆ω☆)
(╯‵□′)╯︵┴─┴
 ̄﹃ ̄
(/ω\)
∠( ᐛ 」∠)_
(๑•̀ㅁ•́ฅ)
→_→
୧(๑•̀⌄•́๑)૭
٩(ˊᗜˋ*)و
(ノ°ο°)ノ
(´இ皿இ`)
⌇●﹏●⌇
(ฅ´ω`ฅ)
(╯°A°)╯︵○○○
φ( ̄∇ ̄o)
ヾ(´・ ・`。)ノ"
( ง ᵒ̌皿ᵒ̌)ง⁼³₌₃
(ó﹏ò。)
Σ(っ °Д °;)っ
( ,,´・ω・)ノ"(´っω・`。)
╮(╯▽╰)╭
o(*////▽////*)q
>﹏<
( ๑´•ω•) "(ㆆᴗㆆ)
😂
😀
😅
😊
🙂
🙃
😌
😍
😘
😜
😝
😏
😒
🙄
😳
😡
😔
😫
😱
😭
💩
👻
🙌
🖕
👍
👫
👬
👭
🌚
🌝
🙈
💊
😶
🙏
🍦
🍉
😣
Source: github.com/k4yt3x/flowerhd
颜文字
Emoji
小恐龙
花!
上一篇
下一篇