sae小站部署https ssl nginx遇到的问题 301
其实主要是301重定向的问题
特别注意 修改了nginx配置后,如果需要测试301重定向或者https的功能,用360浏览器,每次重启nignx之前把上网痕迹清理掉
###############################################################################################
https://www.west.cn/faq/list.asp?Unid=1406
西部数码的证书
Nginx 部署SSL证书 (特别注意下面加红内容,需要先合并.crt、.cer文件)
a. 查看nginx是否开启ssl
执行命令: nginx安装目录/sbin/nginx -V, 查看命令结果中是否包含"--with-http_ssl_module",否则请先安装ssl模块
b. 配置证书到对应的站点
编辑站点对应的站点配置文件,新增或修改如下内容
server {
listen 443 ssl; #将原来的80 修改为443
...
root /www/web/xxxx/public_html;
ssl_certificate 证书文件路径/_www.domain.com.crt; #需将_www.domain.com.cer 中的内容复制到这个文件头部,中间不要有空行
ssl_certificate_key 证书文件路径/_www.domain.com.key; #证书密钥文件
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL;
...
}
##################################################################################################
下面是一个能用的配置,http和https都可以用的配置
##################################################################################################
server {
listen 80;
server_name www.163py.com 163py.com;
if ($host != 'www.163py.com'){
rewrite ^/(.*)$ http://www.163py.com/$1 permanent;
}
#if ($scheme = http ) {
# rewrite ^(.*)$ https://$host$1 permanent;
#}
client_max_body_size 10m;
access_log /var/log/nginx/access_yly.log;
error_log /var/log/nginx/error_yly.log;
#server_name somename alias another.alias;
location / {
include uwsgi_params;
uwsgi_pass 127.0.0.1:9090;
}
location ^~ /media {
alias /home/sy/workspace/yuanxiao/1/stock/media;
}
location ^~ /static {
alias /home/sy/workspace/yuanxiao/1/stock/static;
}
#location ^~ /.well-known/pki-validation {
# alias /home/sy/ca;
#}
location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|mov) {
access_log off;
expires 30d;
}
}
server {
listen 443 ssl;
server_name www.163py.com 163py.com;
if ($host != 'www.163py.com'){
rewrite ^/(.*)$ https://www.163py.com/$1 permanent;
}
ssl on;
ssl_certificate /home/sy/ca/www.163py.com_ca.crt;
ssl_certificate_key /home/sy/ca/www.163py.com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
client_max_body_size 10m;
access_log /var/log/nginx/access_yly.log;
error_log /var/log/nginx/error_yly.log;
#server_name somename alias another.alias;
location / {
include uwsgi_params;
uwsgi_pass 127.0.0.1:9090;
}
location ^~ /media {
alias /home/sy/workspace/yuanxiao/1/stock/media;
}
location ^~ /static {
alias /home/sy/workspace/yuanxiao/1/stock/static;
}
#location ^~ / {
# alias /home/sy/ca;
#}
location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|mov) {
access_log off;
expires 30d;
}
}
##################################################################################################