以下内容算不上什么教程什么的,都是从网络上东凑西凑得来,自己折腾后记录下来,方便日后查找。
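# Virtual host for yourdomain.com: HTTP on 80, HTTPS on 443, PHP through FastCGI.

# log_format is only accepted in the http context, so it sits next to the
# server block rather than inside it (nginx rejects it inside server {}).
log_format yourdomain.com '$remote_addr - $remote_user [$time_local] $request '
                          '$status $body_bytes_sent $http_referer '
                          '$http_user_agent $http_x_forwarded_for';

server {
    listen 80;
    listen 443 ssl;                                 # HTTPS listener
    server_name yourdomain.com www.yourdomain.com;  # replace with your domain
    index index.html index.htm index.php;
    root /var/www/yourdomain.com;                   # site document root

    #------- SSL certificate configuration
    ssl_certificate     /home/ssl/server.crt;       # leaf certificate followed by the intermediate(s)
    # Keep the private key readable by root only (e.g. mode 0600) and out of
    # any directory that is served or backed up in clear text.
    ssl_certificate_key /home/ssl/server.key;
    ssl_session_timeout 5m;
    # SSLv2 and SSLv3 are broken and TLSv1 is deprecated; offer only current
    # protocol versions. Drop TLSv1.3 if this nginx/OpenSSL build rejects it.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    #------- PHP FastCGI configuration
    # The dot is escaped so that only URIs really ending in ".php" match.
    location ~ \.php$ {
        # Refuse requests whose script file does not exist instead of handing
        # an arbitrary path to the PHP interpreter.
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # This server also answers on port 80, so report HTTPS to PHP only when
        # the request actually arrived over TLS.
        fastcgi_param HTTPS $https if_not_empty;
    }

    # Cache lifetime for static assets. The original patterns had an unescaped
    # dot, and "(js|css)?" made the extension optional, so that location
    # matched every URI and shadowed all prefix locations below.
    location ~ \.(gif|jpg|jpeg|png|bmp|swf)$ {
        expires 6h;
    }
    location ~ \.(js|css)$ {
        expires 12h;
    }

    location / {
        #----------- allow only Firefox/Opera/Chrome
        # User-Agent is chosen by the client; this filters casual traffic and
        # is not an access control.
        if ($http_user_agent !~* "(firefox|opera|chrome)") {
            return 403;
        }
        #----------- hotlink protection
        # NOTE(review): the regex locations above win for image/js/css/php
        # URIs, so this check does not cover them; move valid_referers into
        # the image location if protecting images is the goal. Referer is also
        # client-supplied.
        valid_referers none blocked *.yourdomain.com;
        if ($invalid_referer) {
            return 403;
        }
    }

    #-------- wordpress rewrite start ---------
    location /blog/ {
        try_files $uri $uri/ /blog/index.php?q=$uri&$args;
    }
    #-------- wordpress rewrite end ---------

    # /DIR1/DIR2/ is a placeholder: give twip and dabr different paths, because
    # nginx refuses to load two locations with the same prefix.

    #-------- twip rewrite start -----------
    location /DIR1/DIR2/ {
        if (!-e $request_filename) {
            rewrite ^/DIR1/DIR2/(.*)$ /DIR1/DIR2/index.php last;
        }
    }
    #-------- twip rewrite end -----------

    #-------- dabr rewrite start -----------
    location /DIR1/DIR2/ {
        if (!-e $request_filename) {
            rewrite ^/DIR1/DIR2/(.*)$ /DIR1/DIR2/index.php?q=$1 last;
        }
    }
    location /DIR1/DIR2/oauthproxy/ {
        if (!-e $request_filename) {
            rewrite . /DIR1/DIR2/oauthproxy/index.php last;
        }
    }
    #-------- dabr rewrite end -----------

    access_log /var/www/logs/yourdomain.com.log yourdomain.com;
}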
对于从StartSSL申请的SSL证书还需要做以下步骤——合并证书链,否则浏览器有可能提示证书不受信任。(注:StartCom/StartSSL 已停止签发证书,主流浏览器也不再信任其证书;合并证书链的做法同样适用于其他 CA 的中间证书。)
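# Fetch the StartSSL class 1 intermediate CA certificate.
# NOTE(review): this download is plain HTTP, so nothing authenticates the file.
# Compare its fingerprint with the value the CA publishes over HTTPS before
# appending it, e.g.:
#   openssl x509 -in sub.class1.server.ca.pem -noout -fingerprint -sha256
wget http://cert.startssl.com/certs/sub.class1.server.ca.pem

# Append the intermediate to the server certificate to build the chain file.
# If server.crt does not end with a newline, the END/BEGIN marker lines are
# fused into one line and have to be split by hand afterwards.
cat sub.class1.server.ca.pem >> server.crt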
然后我们用vi OR nano打开合并后的server.crt,找到文本中部
-----END CERTIFICATE----------BEGIN CERTIFICATE-----
#修改为
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
至此,nginx的.conf和SSL证书配置完成。接下来我们重新加载nginx。
# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# nginx -s reload