Nginx+PHP+HTTPS的配置模板,如果要部署其它网站,可以基于此进行修改:
# Plain-HTTP entry point: every request on port 80 is answered with a
# permanent redirect to the canonical HTTPS origin, https://www.jsdd.net.
server {
    # Matches both the bare domain and the www host.
    server_name jsdd.net www.jsdd.net;
    listen      80;

    # The redirect target is a fixed hostname rather than $host, so the
    # client-supplied Host header cannot steer the redirect elsewhere.
    # NOTE(review): no default_server is declared in this template; if this is
    # the first port-80 server nginx loads, it also answers requests for any
    # other Host value. Confirm against the full configuration.
    return 301 https://www.jsdd.net$request_uri;
}
# HTTPS listener for the bare domain: completes the TLS handshake, then
# permanently redirects to the www host.
server {
    server_name jsdd.net;            # bare (non-www) domain
    listen      443 ssl http2;

    # The handshake finishes before the redirect is sent, so the certificate
    # served here must be valid for jsdd.net as well as www.jsdd.net.
    # NOTE(review): confirm the certificate's SAN list covers the bare domain.
    ssl_certificate     /etc/nginx/ssl/www.jsdd.net.pem;   # certificate path
    ssl_certificate_key /etc/nginx/ssl/www.jsdd.net.key;   # private key path; keep it readable by nginx only

    # Protocol and cipher policy. Keep it in sync with the www server block,
    # which repeats the same settings.
    ssl_protocols             TLSv1.2 TLSv1.3;
    ssl_ciphers               EECDH+AESGCM:EDH+AESGCM;
    ssl_prefer_server_ciphers on;
    ssl_ecdh_curve            secp384r1;
    # NOTE(review): nginx >= 1.11.0 negotiates DHE suites only when
    # ssl_dhparam is set. None is set in this block, so EDH+AESGCM is inert
    # unless ssl_dhparam is configured at http level. TODO confirm.

    # Session resumption uses the server-side cache shared between workers
    # (10 MB, 10-minute lifetime); session tickets are disabled.
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_session_tickets off;

    # OCSP stapling with verification of the stapled response.
    # NOTE(review): verification needs the issuer chain configured as trusted
    # (ssl_trusted_certificate), and a resolver directive lets nginx look up
    # the OCSP responder. Neither appears in this block; presumably they are
    # set elsewhere. Check the error log for stapling warnings after reload.
    ssl_stapling        on;
    ssl_stapling_verify on;

    # Fixed redirect target: the Host header does not influence it.
    return 301 https://www.jsdd.net$request_uri;
}
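# Main HTTPS site for www.jsdd.net: serves static files from the document
# root and hands *.php requests to PHP-FPM.
server {
    listen 443 ssl http2;
    # NOTE(review): on nginx >= 1.25.1 the "http2" listen parameter is
    # deprecated in favour of a separate "http2 on;" directive.
    root /var/www/jsdd.net; # make sure this is the correct document root
    index index.html index.htm index.php index.nginx-debian.html;
    server_name www.jsdd.net;
    client_max_body_size 20m; # request bodies larger than 20 MB are rejected

    ssl_certificate /etc/nginx/ssl/www.jsdd.net.pem; # make sure the certificate path is correct
    ssl_certificate_key /etc/nginx/ssl/www.jsdd.net.key; # private key path; keep it readable by nginx only
    # Enabling TLSv1 makes HTTPS scanners report PCI DSS non-compliance.
    ssl_protocols TLSv1.2 TLSv1.3; # Requires nginx >= 1.13.0 else use TLSv1.2
    ssl_prefer_server_ciphers on;
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
    # NOTE(review): nginx >= 1.11.0 negotiates DHE suites only when
    # ssl_dhparam is set. None is set in this block, so EDH+AESGCM is inert
    # unless ssl_dhparam is configured at http level. TODO confirm.
    ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off; # Requires nginx >= 1.5.9
    ssl_stapling on; # Requires nginx >= 1.3.7
    ssl_stapling_verify on; # Requires nginx >= 1.3.7
    # NOTE(review): stapling verification needs the issuer chain configured as
    # trusted (ssl_trusted_certificate), and a resolver directive lets nginx
    # look up the OCSP responder. Neither appears in this block; check the
    # error log for stapling warnings after reload.

    # NOTE(review): no Strict-Transport-Security header is sent. Port-80 and
    # bare-domain traffic already redirect here, so consider adding one with
    # add_header (using "always"). Start with a short max-age, because
    # browsers keep the policy for that long.

    # Refuse dot-prefixed paths (.git, .env, .htaccess, ...) that may sit under
    # the document root, since try_files below would otherwise serve them as
    # static files. /.well-known/ stays reachable for ACME validation.
    # Declared before the PHP location because regex locations are tried in
    # order of appearance.
    location ~ /\.(?!well-known) {
        deny all;
    }

    # Serve the file or directory if it exists; otherwise route the request to
    # the front controller, preserving the query string.
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Hand PHP scripts to PHP-FPM over a local Unix socket.
    # NOTE(review): snippets/fastcgi-php.conf is not shown on this page. The
    # Debian/Ubuntu-packaged snippet checks that the script exists before
    # passing it on. Confirm the local copy still does, so that only scripts
    # present on disk reach PHP-FPM.
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.3-fpm.sock;
    }
}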
本文为“技术点滴”的原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接及本声明。