server {
#SSL 默认访问端口号为 443 样品api小程序
listen 443 ssl;
#请填写绑定证书的域名
server_name api.weiyeying.cn;
#请填写证书文件的相对路径或绝对路径
ssl_certificate /路径/xxx.cn_bundle.crt;
#请填写私钥文件的相对路径或绝对路径
ssl_certificate_key /路径/xxx.cn.key;
ssl_session_timeout 5m;
#请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
#请按照以下协议配置
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
root /目录;
location / {
if (!-e $request_filename){
rewrite ^/(.*) /index.php last;
}
}
location ~ .*\.(php|php5)?$ {
#fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include /usr/local/nginx/conf/fastcgi.conf;
}
}
server {
listen 80;
#请填写绑定证书的域名
server_name www.api.com;
#把http的域名请求转成https
return 301 https://$host$request_uri;
}
配置SSL时执行nginx -t
nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in
nginx未安装ssl扩展--
查看版本
[root@VM-0-11-centos goods]# nginx -v nginx version: nginx/1.20.1
找到安装目录 可以find查询下
//编译
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
//覆盖安装
make
//备份原来nginx配置文件
cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
//将刚生成的配置覆盖原来的配置
cp ./objs/nginx /usr/local/nginx/sbin/
//停止nginx
pkill nginx
//进入目录启动
cd /usr/local/nginx/sbin
./nginx
nginx -V
nginx version: nginx/1.20.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
