nginx 配置 https 并强制跳转(lnmp一键安装包)
1、安装包
安装你们按照官方说的安装便可。php
./install.sh lnmpa
2、配置
为域名 bbs.wzlinux.com 配置虚拟主机css
[root@test ~]# lnmp vhost add +-------------------------------------------+ | Manager for LNMP, Written by Licess | +-------------------------------------------+ | https://lnmp.org | +-------------------------------------------+ Please enter domain(example: www.lnmp.org): bbs.wzlinux.com Your domain: bbs.wzlinux.com Enter more domain name(example: lnmp.org *.lnmp.org): Please enter the directory for the domain: bbs.wzlinux.com Default directory: /home/wwwroot/bbs.wzlinux.com: Virtual Host Directory: /home/wwwroot/bbs.wzlinux.com Allow access log? (y/n) y Enter access log filename(Default:bbs.wzlinux.com.log): You access log filename: bbs.wzlinux.com.log Please enter Administrator Email Address: wangzan18@126.com Server Administrator Email:wangzan18@126.com Create database and MySQL user with same name (y/n) n Add SSL Certificate (y/n) y 1: Use your own SSL Certificate and Key 2: Use Let's Encrypt to create SSL Certificate and Key Enter 1 or 2: 2 It will be processed automatically. Press any key to start create virtul host... Create Virtul Host directory...... set permissions of Virtual Host directory...... Test Nginx configure file...... nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful Reload Nginx...... Test Apache configure file... test apache configure... Syntax OK done Restart Apache... graceful apache... done --2019-05-08 16:15:37-- https://soft.vpser.net/lib/acme.sh/latest.tar.gz Resolving soft.vpser.net (soft.vpser.net)... 50.93.201.152, 2600:3c01::f03c:91ff:fe92:1a06 Connecting to soft.vpser.net (soft.vpser.net)|50.93.201.152|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 128963 (126K) [application/octet-stream] Saving to: ‘latest.tar.gz’ 100%[==========================================================================================================================================================================================>] 128,963 296KB/s in 0.4s 2019-05-08 16:15:39 (296 KB/s) - ‘latest.tar.gz’ saved [128963/128963] [Wed May 8 16:15:39 CST 2019] It is recommended to install socat first. [Wed May 8 16:15:39 CST 2019] We use socat for standalone server if you use standalone mode. [Wed May 8 16:15:39 CST 2019] If you don't use standalone mode, just ignore this warning. [Wed May 8 16:15:39 CST 2019] Installing to /usr/local/acme.sh [Wed May 8 16:15:39 CST 2019] Installed to /usr/local/acme.sh/acme.sh [Wed May 8 16:15:39 CST 2019] Installing alias to '/root/.bashrc' [Wed May 8 16:15:39 CST 2019] OK, Close and reopen your terminal to start using acme.sh [Wed May 8 16:15:39 CST 2019] Installing alias to '/root/.cshrc' [Wed May 8 16:15:39 CST 2019] Installing alias to '/root/.tcshrc' [Wed May 8 16:15:39 CST 2019] Installing cron job no crontab for root no crontab for root [Wed May 8 16:15:39 CST 2019] Good, bash is found, so change the shebang to use bash as preferred. [Wed May 8 16:15:39 CST 2019] OK Redirecting to /bin/systemctl restart crond.service Note: Forwarding request to 'systemctl enable crond.service'. Starting create SSL Certificate use Let's Encrypt... [Wed May 8 16:15:41 CST 2019] Registering account [Wed May 8 16:15:43 CST 2019] Registered [Wed May 8 16:15:43 CST 2019] ACCOUNT_THUMBPRINT='-cKHSTDQhjSIjWvO8OFcqx4cURrIDG88TaHlE_OkRDM' [Wed May 8 16:15:43 CST 2019] Creating domain key [Wed May 8 16:15:43 CST 2019] The domain key is here: /usr/local/nginx/conf/ssl/bbs.wzlinux.com/bbs.wzlinux.com.key [Wed May 8 16:15:43 CST 2019] Single domain='bbs.wzlinux.com' [Wed May 8 16:15:43 CST 2019] Getting domain auth token for each domain [Wed May 8 16:15:44 CST 2019] Getting webroot for domain='bbs.wzlinux.com' [Wed May 8 16:15:45 CST 2019] Verifying: bbs.wzlinux.com [Wed May 8 16:15:48 CST 2019] Success [Wed May 8 16:15:48 CST 2019] Verify finished, start to sign. [Wed May 8 16:15:48 CST 2019] Lets finalize the order, Le_OrderFinalize: https://acme-v02.api.letsencrypt.org/acme/finalize/56638729/438522172 [Wed May 8 16:15:50 CST 2019] Download cert, Le_LinkCert: https://acme-v02.api.letsencrypt.org/acme/cert/046b73070d79dd7f8275ef2ce8235ddab879 [Wed May 8 16:15:50 CST 2019] Cert success. [Wed May 8 16:15:50 CST 2019] Your cert is in /usr/local/nginx/conf/ssl/bbs.wzlinux.com/bbs.wzlinux.com.cer [Wed May 8 16:15:50 CST 2019] Your cert key is in /usr/local/nginx/conf/ssl/bbs.wzlinux.com/bbs.wzlinux.com.key [Wed May 8 16:15:50 CST 2019] The intermediate CA cert is in /usr/local/nginx/conf/ssl/bbs.wzlinux.com/ca.cer [Wed May 8 16:15:50 CST 2019] And the full chain certs is there: /usr/local/nginx/conf/ssl/bbs.wzlinux.com/fullchain.cer [Wed May 8 16:15:51 CST 2019] Run reload cmd: /etc/init.d/nginx reload Reload service nginx... done [Wed May 8 16:15:51 CST 2019] Reload success Let's Encrypt SSL Certificate create successfully. Create dhparam.pem... Generating DH parameters, 2048 bit long safe prime, generator 2 This is going to take a long time .........................................................................................................................................................................................................................................+....................................................................................+..............................................................................+..............................................................................+...............................................................................................................................+.....+.............................+...............................................................................................................................+......+.......................................+...........................................................................................................+.....................................................................................................................................................................................................................................................+.................................................................+.........................................................................+...................................................+....................................................................+......................................................................................+......................+.........+...................................................................+...................................+................................................................................................+...............................................................+......................................................................+...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................+.........+.....................+....................++*++* Test Nginx configure file...... nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful Reload Nginx...... ================================================ Virtualhost infomation: Your domain: bbs.wzlinux.com Home Directory: /home/wwwroot/bbs.wzlinux.com Enable log: yes Create database: no Create ftp account: no Enable SSL: yes =>Let's Encrypt ================================================
添加好测试页面,就能够了,咱们发现也是正常的。html
3、查看配置文件
首先查看 Nginx 配置文件 /usr/local/nginx/conf/vhost/bbs.wzlinux.com.conf,咱们看到 http 和 https 都是能够访问的。linux
server
{
listen 80;
#listen [::]:80;
server_name bbs.wzlinux.com ;
index index.html index.htm index.php default.html default.htm default.php;
root /home/wwwroot/bbs.wzlinux.com;
#error_page 404 /404.html;
# Deny access to PHP files in specific directory
#location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
include proxy-pass-php.conf;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /.well-known {
allow all;
}
location ~ /\.
{
deny all;
}
access_log /home/wwwlogs/bbs.wzlinux.com.log;
}
server
{
listen 443 ssl http2;
#listen [::]:443 ssl http2;
server_name bbs.wzlinux.com ;
index index.html index.htm index.php default.html default.htm default.php;
root /home/wwwroot/bbs.wzlinux.com;
ssl on;
ssl_certificate /usr/local/nginx/conf/ssl/bbs.wzlinux.com/fullchain.cer;
ssl_certificate_key /usr/local/nginx/conf/ssl/bbs.wzlinux.com/bbs.wzlinux.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_session_cache builtin:1000 shared:SSL:10m;
# openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
#error_page 404 /404.html;
# Deny access to PHP files in specific directory
#location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
include proxy-pass-php.conf;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /.well-known {
allow all;
}
location ~ /\.
{
deny all;
}
access_log /home/wwwlogs/bbs.wzlinux.com.log;
}
3.一、设定强制跳转 https
方法1:能够在server 80 里面添加一个一个重定向。nginx
rewrite ^(.*)$ https://$host$1 permanent;
或者web
server_name bbs.wzlinux.com; rewrite ^(.*)$ https://$server_name$1 permanent;
或者apache
listen 80;
server_name bbs.wzlinux.com bbs1.wzlinux.com bbs2.wzlinux.com;
if ($host != 'bbs.wzlinux.com') {
rewrite ^/(.*)$ https://bbs.wzlinux.com/$1 permanent;
}
或者后端
if ($http_x_forwarded_proto != "https")
{
rewrite ^/(.*)$ https://$host/$1 permanent;
}
或者api
if ($server_port !~ 443){
rewrite ^(/.*)$ https://$host$1 permanent;
}
或者使用 returnbash
if ($server_port = 80 ) {
return 301 https://$host$request_uri;
}
或者
return 301 https://$host$request_uri;
3.2 Rewrite 经常使用全局变量举例
变量 说明 $args 存放了请求url中的请求指令。好比http://www.myweb.name/server/source?arg1=value1&arg2=value2中的arg1=value1&arg2=value2 $content_length 存放请求头中的Content-length字段 $content_type 存放了请求头中的Content-type字段 $document_root 存放了针对当前请求的根路径 $document_uri 请求中的uri,不包含请求指令 ,好比好比http://www.myweb.name/server/source?arg1=value1&arg2=value2中的/server/source $host 存放了请求url中的主机字段,好比好比http://www.myweb.name/server/source?arg1=value1&arg2=value2中的www.myweb.name。若是请求中的主机部分字段不可用或者为空,则存放nginx配置中该server块中server_name指令的配置值 $http_user_agent 存放客户端的代理 $http_cookie cookie $limit_rate nginx配置中limit_rate指令的配置值 $remote_addr 客户端的地址 $remote_port 客户端与服务器端创建链接的端口号 $remote_user 变量中存放了客户端的用户名 $request_body_file 存放了发给后端服务器的本地文件资源的名称 $request_method 存放了客户端的请求方式,如get,post等 $request_filename 存放当前请求的资源文件的路径名 $requset_uri 当前请求的uri,而且带有指令 $query_string $args含义相同 $scheme 客户端请求使用的协议,如http,https,ftp等 $server_protocol 客户端请求协议的版本,如”HTTP/1.0”,”HTTP/1.1” $server_addr 服务器的地址 $server_name 客户端请求到达的服务器的名称 $server_port 客户端请求到达的服务器的端口号 $uri 同 $document_uri
欢迎你们扫码关注,获取更多信息
相关文章
- 1. Nginx配置http强制跳转到https
- 2. Nginx 配置https强制跳转
- 3. nginx http强制跳转https
- 4. Nginx配置SSL并强制http跳转到https
- 5. nginx配置https并强制跳转443端口
- 6. Nginx代理https强制http跳转https
- 7. nginx 配置 HTTPS 及http 强制跳转https.
- 8. nginx配置https证书并跳转
- 9. virtualbox用一键lnmp安装包配置lnmp环境
- 10. lnmp 一键安装包下fastadmin 后台跳转登陆404
- 更多相关文章...
- • Git 安装配置 - Git 教程
- • Docker 安装 Nginx - Docker教程
- • IntelliJ IDEA 代码格式化配置和快捷键
- • Composer 安装与使用
相关标签/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
欢迎关注本站公众号,获取更多信息
