LNMP强制https访问
LNMP设置强制https访问可以添加一个rewrite,也可以通过一条301跳转实现,推荐第二种方式。在实际设置的时候需要在虚拟主机的conf文件里多加一个server段,443监听在上面,80端口在下面。如果顺序反了则会出现跳转到了nginx欢迎界面的情况。一般虚拟主机配置文件位于:/usr/local/nginx/conf/vhost/域名.conf,在配置文件最后面加上如下代码,自行修改相应配置:
普通的根域名301跳转到www域名
server { listen 80; server_name cmsky.com; return 301 http://www.cmsky.com$request_uri; }
http强制跳转到https并开启http2
server { listen 443 ssl; server_name sdk.open.test.com; index index.html index.htm index.php; root /data/www/web/; charset utf-8; location ~.*\.(swf|xml|mp3|png|jpg|gif|data)$ { expires max; } location ~.*\.(css|js|mx)$ { expires 96h; } location ~ /.svn/ { deny all; } location ~ .*\.php$ { include fastcgi.conf; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; expires off; } ssl on; ssl_certificate /usr/local/nginx/ssl/ea93balk25xh3f9.crt; ssl_certificate_key /usr/local/nginx/ssl/9yrt62bv1z4s35la.key; access_log /data/logs/sdk.open.test.com.access.log access; error_log /data/logs/sdk.open.test.com.error.log warn; }
server
{
listen 80;
server_name sdk.open.test.com;
return 301 https://$server_name$request_uri;
//rewrite ^/(.*) https://ssl.lanbing.org/$1 permanent; #关键代码仔细比较两者的跳转的区别
}