http重定向到https

最新推荐文章于 2024-12-02 08:15:00 发布

原创最新推荐文章于 2024-12-02 08:15:00 发布 · 3.2k 阅读

本内容遵循CC 4.0 BY-SA版权协议

本文详细介绍了如何在Nginx中配置HTTPS，包括证书的放置位置、SSL协议的设置、重定向HTTP到HTTPS的方法以及Nginx配置文件的具体参数调整。通过本文，读者可以学习到如何提升网站的安全性和性能。

官方文档:https://cloud.tencent.com/document/product/400/4143#ApacheCertificateOfDeployment
一定要把nginx的两个证书放到/usr/local/nginx/conf下

//增加 /use/local/nginx/conf/nginx.conf      start
server{
    listen 80;
    server_name www.cacov.cn;
    #告诉浏览器有效期内只准用 https 访问
    add_header Strict-Transport-Security max-age=15768000;
    #永久重定向到 https 站点
    return 301 https://$server_name$request_uri;
}
//增加这个server就行        end
server
    {
        listen 443;
        #listen [::]:80 default_server ipv6only=on;
        server_name www.cacov.cn;
        ssl on;
        ssl_certificate 1_www.cacov.cn_bundle.crt;
        ssl_certificate_key 2_www.cacov.cn.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;
        index index.html index.htm index.php;
        root  /home/wwwroot/laravel_admin/public;

        #error_page   404   /404.html;

        # Deny access to PHP files in specific directory
        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

        include proxy-pass-php.conf;

        location /nginx_status
        {
            stub_status on;
            access_log   off;
        }

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
                expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
                expires      12h;
        }

        location ~ /.well-known {
                allow all;
        }

        location ~ /\.
        {
            deny all;
        }

        access_log  /home/wwwlogs/access.log;
    }