本文参考:https://blog.csdn.net/rosekissyou/article/details/71104004
修改nginx.conf文件,修改后http{}部分内容为:
server { listen 443; server_name 47.94.240.163; ssl on; root /data/wwwroot/default/xblog; index index.html index.htm index.php; ssl_certificate /usr/local/nginx/cert/214180338860322.pem; ssl_certificate_key /usr/local/nginx/cert/214180338860322.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { root /data/wwwroot/default/xblog; index index.html index.htm index.php; if (!-e $request_filename){ rewrite ^/(.*)$ /index.php?s=$1 last; } #(thinkphp rewrite路由重写模式添加这段,否则是普通模式) } location ~ \.php$ { root /data/wwwroot/default/xblog; fastcgi_pass unix:/dev/shm/php-cgi.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name; fastcgi_param HTTPS on; include fastcgi.conf; } }
如果还需要http:// 正常访问,则需要修改配置重定向到 https://
server { listen 80; listen [::]:80 ssl ipv6only=on; server_name xxx;#域名 return 301 https://xxx$request_uri; #xxx为你的域名 }
可能遇到的几个问题
1 证书的路径配置和域名的路径配置
2 配置代码少量一个括号或者分号之类的
3 没有放证书文件