centos nginx https configuration

1. What if you want to configure a domain name to a specified directory

server {
        listen  80;    
        server_name Change your domain name here,for example baidu.com;    
        set $root_path '/home/wwwroot/tapai_html/';    
        root $root_path;
        
        index index.html index.php index.htm;    
        
        # rewrite ^(.*) https://$server_name;
        try_files $uri $uri/ @rewrite;    
        

        location @rewrite {    
            rewrite ^/(.*)$ /index.php?_url=/$1;    
        }    
        
        location ~ \.php {    
        
            fastcgi_pass 127.0.0.1:9000;    
            fastcgi_index /index.php;    
        
            fastcgi_split_path_info       ^(.+\.php)(/.+)$;    
            fastcgi_param PATH_INFO       $fastcgi_path_info;    
            fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;    
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;    
            include                       fastcgi_params; 
        }   

        # location /imgtext_detail {
                # proxy_pass /home/wwwroot/tapai_html/imgtext_detail;
                # proxy_pass http://127.0.0.1:9000/imgtext_detail/;
        # }

        location ~* ^/(css|img|js|flv|swf|download)/(.+)$ {    
            root $root_path;    
        }    
        
        location ~ /\.ht {    
            deny all;    
        }    
    }

2. If you want this domain name to support https access at the same time, what should you do? The following server and the above server should be at the same time

server {
       listen       443;
       listen       [::]:443;
       server_name  Change your domain name here,for example baidu.com;
       root         /home/wwwroot/tapai_html/;

       ssl on; 
    #    ssl_session_tickets off;
       ssl_certificate "/etc/nginx/ssl/Here is the certificate.crt"; #It could be. pem
       ssl_certificate_key "/etc/nginx/ssl/Here's the secret key.key";
       ssl_session_cache shared:SSL:1m;
       ssl_session_timeout  10m;
       ssl_ciphers HIGH:!aNULL:!MD5;
       ssl_prefer_server_ciphers on;

       # Load configuration files for the default server block.
       include /etc/nginx/default.d/*.conf;

       error_page 404 /404.html;
           location = /40x.html {
       }

       error_page 500 502 503 504 /50x.html;
           location = /50x.html {
       }
   }

3. If you want the same ip to support two https domain names, what should you do? Copy the server above, change the server name inside to another domain name, and change the certificate and secret key path

server {
       listen       443;
       listen       [::]:443;
       server_name  Another domain name is configured here,such as qq.com;
       root         /home/wwwroot/tapai_html/;

       ssl on; 
    #    ssl_session_tickets off;
       ssl_certificate "/etc/nginx/ssl/Here is the certificate corresponding to this domain name.pem";
       ssl_certificate_key "/etc/nginx/ssl/Here is the secret key corresponding to this domain name.key";
       ssl_session_cache shared:SSL:1m;
       ssl_session_timeout  10m;
       ssl_ciphers HIGH:!aNULL:!MD5;
       ssl_prefer_server_ciphers on;

       # Load configuration files for the default server block.
       include /etc/nginx/default.d/*.conf;

       error_page 404 /404.html;
           location = /40x.html {
       }

       error_page 500 502 503 504 /50x.html;
           location = /50x.html {
       }
   }

Tags: OS X SSL Nginx PHP

Posted on Wed, 06 Nov 2019 13:51:20 -0500 by AVATAr