环境是使用lnmp一键安装包搭建的;
1 首先去这个网站*载下**证书:免费ssl证书
最终会得到两个文件
2:在/usr/local/nginx/conf创建cert目录把这两个文件放进去,这个地址后面有用。
编辑/usr.local/nginx/conf/nginx.conf:添加下面这段:
server {
listen 443;
server_name www.domain.cn; #这里改成你的
ssl on;
root /home/wwwroot/default; #你的地址
#下面两个是上面*载下**的两个文件地址
ssl_certificate /usr/local/nginx/conf/cert/full_chain.pem;
ssl_certificate_key /usr/local/nginx/conf/cert/private.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on;
index index.php index.html index.htm; # 优先解析php文件 # 匹配后缀为php的文件
location ~ \.php?.*$
{
root /home/wwwroot/default; # 设置网站根目录
fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
include fastcgi_params;
}
location /nginx_status
{
stub_status on; access_log off;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /\.
{
deny all;
}
access_log /home/wwwlogs/access.log;
}
注意最终格式是http:{server{}}不要把这段写在http外面了
如果有概率出现:No input file specified.但是重启php后正常
vim fastcgi.conf
将下面这行,注释
fastcgi_param PHP_ADMIN_VALUE "open_basedir=$document_root/:/tmp/:/proc/";
然后,重启lnmp