nginx 80端口重定向到443端口，也就是http訪問自動跳轉(zhuǎn)到https

配置如下：

一、按照如下格式修改nginx.conf 配置文件，80端口會自動轉(zhuǎn)給443端口，這樣就強制使用SSL證書加密了。訪問http的時候會自動跳轉(zhuǎn)到https上面。

server {

listen 80;

server_name www.域名.com;

rewrite ^(.*)$ https://${server_name}$1 permanent;

}

server {

listen 443;

server_name www.域名.com;

root /home/wwwroot;

ssl on;

ssl_certificate /etc/nginx/certs/server.crt;

ssl_certificate_key /etc/nginx/certs/server.key;

....

}

備注： ${server_name}可以換成$host

二、重啟nginx。

三、示例(以下是我們生產(chǎn)的配置)

server {

listen 80;

server_name www.test.com;

rewrite ^(.*)$ https://${server_name}$1 permanent;

}

server {

listen 443;

server_name www.test.com;

ssl on;

ssl_certificate /etc/pki/CA/certs/214321311540956.pem;

ssl_certificate_key /etc/pki/CA/certs/214321311540956.key;

ssl_session_timeout 5m;

ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_prefer_server_ciphers on;

index index.php index.htm index.html;

error_page 404 /404.html;

error_page 500 502 503 504 /50x.html;

location ~ \.php {

root /alidata/www/html;

fastcgi_pass unix:/tmp/php-cgi.sock;

fastcgi_index index.php;

include fastcgi.conf;

set $path_info "";

set $fastcgi_script_name_new $fastcgi_script_name;

if ($fastcgi_script_name ~* "^(.+\.php)(/.+)$" ) {

set $fastcgi_script_name_new $1;

set $path_info $2;

}

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name_new;

fastcgi_param SCRIPT_NAME $fastcgi_script_name_new;

fastcgi_param PATH_INFO $path_info;

}

location / {

root /alidata/www/html;

index index.php index.html index.htm;

if (!-e $request_filename){

rewrite ^(.*)$ /index.php$1 last;

}

}

}

分享到微信