Nginx https配置 · php筆記

### Nginx https配置 ```shell [root@iZuf6fvttmu9vkdbnencgpZ vhost]# vi yc-mv.tenpower.club.conf server { # 開啟https端口 listen 443 ssl; server_name yc-mv.tenpower.club; access_log off; index index.html index.htm index.php; include /usr/local/nginx/conf/rewrite/thinkphp.conf; root /data/wwwroot/yc-mv.tenpower.club/public; # 證書配置 #ssl on; ssl_certificate /usr/local/nginx/cert/yc-mv.tenpower.club/214076134390354.pem; ssl_certificate_key /usr/local/nginx/cert/yc-mv.tenpower.club/214076134390354.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location ~ \.php { #fastcgi_pass remote_php_ip:9000; fastcgi_pass unix:/dev/shm/php-cgi.sock; fastcgi_index index.php; include fastcgi_params; set $real_script_name $fastcgi_script_name; if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") { set $real_script_name $1; #set $path_info $2; } fastcgi_param SCRIPT_FILENAME $document_root$real_script_name; fastcgi_param SCRIPT_NAME $real_script_name; #fastcgi_param PATH_INFO $path_info; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|ico)$ { expires 30d; access_log off; } location ~ .*\.(js|css)?$ { expires 7d; access_log off; } } server { # 支持web 80端口訪問 listen 80; # 配置訪問域名不包含協議 server_name yc-mv.tenpower.club; # 使用url重寫模塊重寫url 訪問非https的url重定向到http上去 rewrite ^/(.*) https://yc-mv.tenpower.club/$1 permanent; } ``` **所以靜態資源服務器的這么配置：** 同時支持 https 和 http 訪問，不做重定向。 ```shell [root@iZuf6fvttmu9vkdbnencgpZ vhost]# vi static.tenpower.club.conf server { listen 443 ssl; #listen 80; server_name static.tenpower.club; access_log off; index index.html index.htm index.php; #include /usr/local/nginx/conf/rewrite/none.conf; root /data/wwwroot/static.tenpower.club; ssl_certificate /usr/local/nginx/cert/static.tenpower.club/214076243630354.pem; ssl_certificate_key /usr/local/nginx/cert/static.tenpower.club/214076243630354.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location ~ [^/]\.php(/|$) { #fastcgi_pass remote_php_ip:9000; fastcgi_pass unix:/dev/shm/php-cgi.sock; fastcgi_index index.php; include fastcgi.conf; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|ico)$ { expires 30d; access_log off; } location ~ .*\.(js|css)?$ { expires 7d; access_log off; } } server { listen 80; server_name static.tenpower.club; #rewrite ^/(.*) https://yc-mv.tenpower.club/$1 permanent; } ``` >[tip] 即使配置為兩者同時支持，不做跳轉處理，在使用360和谷歌等瀏覽器測試時發現，如果訪問過https的地址，再次訪問不加https的地址也會跳轉到https上去，它竟然會自動幫助用戶訪問安全的地址，**這是瀏覽器自己的行為，而不是web服務器這樣配置的，** 這可能會給我們測試時帶來困惑，所以要多換幾個瀏覽器測試一下。 * * * * * 不加www跳轉到加www ``` server { listen 80; server_name www.123.com 123.com; access_log off; index index.html index.htm index.php; root /data/wwwroot/123.com; if ($host != www.123.com) { return 301 $scheme://www.123.com$request_uri; } include /usr/local/nginx/conf/rewrite/none.conf; #error_page 404 /404.html; #error_page 502 /502.html; location ~ [^/]\.php(/|$) { #fastcgi_pass remote_php_ip:9000; fastcgi_pass unix:/dev/shm/php-cgi.sock; fastcgi_index index.php; include fastcgi.conf; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ { expires 30d; access_log off; } location ~ .*\.(js|css)?$ { expires 7d; access_log off; } location ~ /\.ht { deny all; } } ``` >[tip] 更多項目配置用法參見：[WebServer配置 · web開發最佳實踐 · 看云](http://www.hmoore.net/xiak/web-dev-best-practice/708059) * * * * * ### 參考 - [微信小程序Server端環境配置詳解（SSL……](http://www.myhack58.com/Article/sort099/sort0102/2017/83246.htm) - [Nginx環境下http和https(ssl)共存的方法](http://jingyan.baidu.com/article/b87fe19e9a309b5218356818.html) - [Nginx配置同一個域名同時支持http與https兩種方式訪問 - 周伯通的麥田 - 博客園](https://www.cnblogs.com/phpper/p/6441475.html) - [Nginx配置實現CORS | youyu歲月](http://www.itzh.org/2017/12/25/CORS_config_for_nginx/) * * * * * update time：2018-8-8 23:02:13