http段
# 禁止通过ip地址访问
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 400;
}
# 允许通过域名访问-自动跳转到https
server {
listen 80;
server_name 你的域名.com;
rewrite ^(.*) https://$server_name$1 permanent;
}
https段
# 禁止通过ip地址访问-https
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
#ssl on;
ssl_certificate 3935979_www.slience.com.pem;
ssl_certificate_key 3935979_www.slience.com.key;
server_name _;
return 400;
}
server
{
listen 443 ssl; #监听端口
server_name 你的域名.com; #域名
index index.html index.htm index.php;
ssl_certificate # 你的证书.pem;
ssl_certificate_key 你的证书key.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
root /home/web/html; # 你的站点目录
location ~ .*\.(php|php5)?$
{
#fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|ico)$
{
expires 30d;
# access_log off;
}
location ~ .*\.(js|css)?$
{
expires 15d;
# access_log off;
}
access_log off;
}
