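I'm on lnmpa as well.
I've been wrestling with SSL lately and just couldn't figure it out.
After reading a lot of articles, I've got it almost fully working with the configuration below.
In nginx, configure one server on 443 and one server on 80 (I use the latter to force a redirect to https).
nginx configuration file: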
server
{
    listen 443 ssl;
    #listen [::]:80;
    server_name ca.net www.ca.net;
    index index.html index.htm index.php default.html default.htm default.php;
    root /home/xxxxx/xxxxx;
    ssl_certificate crt; # change to the actual file
    ssl_certificate_key key; # change to the actual file
    # SSLv3, TLSv1 and TLSv1.1 are deprecated and RC4 is broken, so none of them is offered
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    keepalive_timeout 60;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    # Serve static files directly, hand everything else to Apache
    location / {
        try_files $uri @apache;
    }
    location @apache {
        internal;
        proxy_pass http://127.0.0.1:88;
        include proxy.conf;
    }
    # PHP requests always go to Apache
    location ~ [^/]\.php(/|$)
    {
        proxy_pass http://127.0.0.1:88;
        include proxy.conf;
    }
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires 30d;
    }
    location ~ .*\.(js|css)?$
    {
        expires 12h;
    }
    access_log off;
}
# Port 80 only redirects to https
server {
    listen 80;
    server_name sinoca.net www.sca.net;
    rewrite ^/(.*) https://www.ca.net/$1 permanent;
}
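What about Apache?
If you leave it at the defaults, Chrome and Firefox simply filter out the mixed content. That is, CSS, JS and other files pulled in through http links are not loaded, and the page layout breaks.
Apache needs SSL enabled as well.
Apache configuration file: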
<VirtualHost *:88>
    ServerAdmin [email protected]
    php_admin_value open_basedir "/xxxx/xxxx/xxxx:/tmp/:/var/tmp/:/proc/"
    DocumentRoot "/xxxx/xxxx/xxxx"
    ServerName ca.net
    ServerAlias www.ca.net
    # SSL Engine Switch:
    # Enable/Disable SSL for this virtual host.
    SSLEngine on
    # Server Private Key:
    # If the key is not combined with the certificate, use this
    # directive to point at the key file. Keep in mind that if
    # you've both a RSA and a DSA private key you can configure
    # both in parallel (to also allow the use of DSA ciphers, etc.)
    SSLCertificateFile ".crt"
    SSLCertificateKeyFile "/usr/.......key"
    #ErrorLog "logs/-error_log"
    #CustomLog "logs/-access_log" common
</VirtualHost>
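Restarting the services solves most of the problems. The CSS and JS that come with the theme and with WordPress itself are now https links.
Because WordPress themes and plugins are written so loosely, some resources still start with http, and you have to fix those yourself.
Most of these resources are set as absolute links.
http://v2.freep.cn/3tb_14081523585682cu512293.png
My open question right now is whether Apache (2.2.27) supports multiple certificates on a single IP. Does anyone know?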