【已经解决,配置大家可以参考下】nginx配置
本帖最后由 akige 于 2018-5-27 20:19 编辑最近忙。后来没去弄这个了。
还是这个帖子。https://www.hs2v.com/thread-446933-3-1.html
大佬您把测试好的配置文件发我就行。你那边建个index.html测试下就行。
请看下上面帖子的需求。 配置文件最好基于军哥的lnmp来改。
这是我的一个配置。老是有问题。
---------------------------------------
追加: 这是我测试后的一个比较满意。容易懂的配置。希望大家能少走弯路。供参考。我用的是301.没用rewrite。
[*]
[*]
[*]
[*]server {
[*] listen 80;
[*] server_name xxx.com www.xxx.com;
[*] return 301 https://www.xxx.com$request_uri;
[*] #rewrite ^(.*)$ https://www.xxx.com$1 permanent;
[*]}
[*]
[*]server {
[*] listen 443 ssl http2;
[*] ssl_certificate /etc/letsencrypt/live/xxx.com/fullchain.pem;
[*] ssl_certificate_key /etc/letsencrypt/live/xxx.com/privkey.pem;
[*] server_name xxx.com;
[*] return 301 https://www.xxx.com$request_uri;
[*] #rewrite ^(.*)$ https://www.xxx.com$1 permanent;
[*]}
[*]
[*]
[*]
[*]server
[*] {
[*] listen 443 ssl http2;
[*] #listen [::]:443 ssl http2;
[*] server_name www.xxx.com ;
[*] index index.html index.htm index.php default.html default.htm default.php;
[*] root/home/wwwroot/www.xxx.com;
[*] ssl on;
[*] ssl_certificate /etc/letsencrypt/live/www.xxx.com/fullchain.pem;
[*] ssl_certificate_key /etc/letsencrypt/live/www.xxx.com/privkey.pem;
[*] ssl_session_timeout 5m;
[*] ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
[*] ssl_prefer_server_ciphers on;
[*] ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
[*] ssl_session_cache builtin:1000 shared:SSL:10m;
[*] # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
[*] ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
[*]
[*]
[*] include other.conf;
[*] #error_page 404 /404.html;
[*]
[*] # Deny access to PHP files in specific directory
[*] #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
[*]
[*] include enable-php.conf;
[*]
[*] location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
[*] {
[*] expires 30d;
[*] }
[*]
[*] location ~ .*\.(js|css)?$
[*] {
[*] expires 12h;
[*] }
[*]
[*] location ~ /.well-known {
[*] allow all;
[*] }
[*]
[*] location ~ /\.
[*] {
[*] deny all;
[*] }
[*]
[*] access_log/home/wwwlogs/www.xxx.com.log;
[*] }
[*]
[*]
[*]复制代码
宝塔默认的http跳https规则直接拿来用不行吗? 帮你顶一下,希望大佬帮你 不带www的 dns那里设置301 nginx这里就做个跳https不就好了 server {
listen 80;
server_name xxx.com www.xxx.com;
return 301 https://www.xxx.com$request_uri;
}
server {
listen 443 ssl;
ssl_certificate/home/ssl/www.xxx.com/www.xxx.com.crt;
ssl_certificate_key/home/ssl/www.xxx.com/www.xxx.com.key;
server_name xxx.com;
return 301 https://www.xxx.com$request_uri;
}
server
{
listen 443 ssl http2;
ssl on;
ssl_certificate /home/ssl/www.xxx.com/www.xxx.com.crt;
ssl_certificate_key /home/ssl/www.xxx.com/www.xxx.com.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict–Transport–Security “max-age=31536000”;
#listen [::]:80;
server_name www.xxx.com;
index index.html index.htm index.php default.html default.htm default.php;
root/home/wwwroot/www.xxx.com; server
{
listen 80;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/www.xxx.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.xxx.com/privkey.pem;#证书路径自己改
server_name xxx.com ;
return 301 http://www.xxx.com$request_uri;
}
server
{
listen 80;
listen 443 ssl http2;
server_name www.xxx.com ;
index index.html index.htm index.php default.html default.htm default.php;
root/home/wwwroot/www.xxx.com;
if ($server_port !~ 443){
rewrite ^(/.*)$ https://$host$1 permanent;
}
ssl on;
ssl_certificate /etc/letsencrypt/live/www.xxx.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.xxx.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_session_cache builtin:1000 shared:SSL:10m;
# openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
include other.conf;
#error_page 404 /404.html;
# Deny access to PHP files in specific directory
#location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
include enable-php.conf;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /.well-known {
allow all;
}
location ~ /\.
{
deny all;
}
access_log/home/wwwlogs/www.xxx.com.log;
}
直接上宝塔不好吗??
黑街天祖 发表于 2018-5-27 18:44
www.xxx.com是不会跳的。 你这个。我已经修改。请参考以下我的。谢谢回复! 踏马在逗我?
return 301 和 rewrite 不都是 301 ?
(虽然 rewrite 有 4 种 flag
页:
[1]