Configuring a Website SSL (HTTPS) Certificate

By admin, 14 September, 2015

You can apply for a free SSL certificate at startssl.com. Below is an example Nginx configuration:

 

server {
    # "listen ... ssl" replaces the deprecated "ssl on;" directive
    listen 443 ssl;
    server_name example.com;

    root /var/example/public;
    index index.php index.html;

    ssl_certificate /etc/nginx/certs/ssl.chain.crt; #cert.pem;
    ssl_certificate_key /etc/nginx/certs/ssl.key; #cert.key;

    ssl_session_timeout 5m;

    # SSLv3 and TLSv1.0 are obsolete and insecure; TLSv1.3 needs nginx 1.13.0+
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5:!EXPORT56:!EXP; #ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers on;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
    
        # With php5-cgi alone:
        fastcgi_pass 127.0.0.1:9000;
        # With php5-fpm:
        #fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_read_timeout 600;
        fastcgi_param HTTPS on;
    }

}

Note that some browsers (mobile browsers) do not recognize this certificate; you need to add the CA's chain to it. The Class 1 chain is obtained as follows:

 

wget https://www.startssl.com/certs/sub.class1.server.ca.pem

cat ssl.crt sub.class1.server.ca.pem >ssl.chain.crt
