运维 | nginx配置https访问

nginx配置https访问

主要参考：https://zhuanlan.zhihu.com/p/85040625

首先去申请一张免费的证书。
然后去配nginx, 我这里加上了php的配置

server {
    listen 443;
    # server_name mz1.top;
    server_name _;
    ssl on;

    root /var/www/html;
    index index.html index.htm index.php;

    ssl_certificate  cert/mz1.top.pem;
    ssl_certificate_key cert/mz1.top.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }

    # ban requests to db andsession
    location /autodk/api/db/ {
            deny all;
    }
    location /autodk/api/session/ {
            deny all;
    }
    # pass PHP scripts to FastCGI server
    #
    location ~ \.php$ {
            include snippets/fastcgi-php.conf;
             # With php-fpm (or other unix sockets):
            fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
            # With php-cgi (or other tcp sockets):
            #       fastcgi_pass 127.0.0.1:9000;
    }

}