nginx 80端口配置https自签名证书

注意事项

配置完成后curl检测没有问题,浏览器显示400 Bad Request的问题。
在nginx文件下的fastcgi_params文件末尾增加配置
fastcgi_param HTTPS $fastcgi_https;
然后再配置文件顶部增加这段配置(注意不要放到server{}里面)
map $scheme $fastcgi_https {
default off;
https on;
}

nginx配置文件

map $scheme $fastcgi_https {
  default off;
  https on;
}

server
{
	listen 80;
	listen 443 ssl http2;
	server_name menglin.fast;

	root 项目路径;
	index	index.php	

	ssl_client_certificate /etc/nginx/ssl_key/menglin.fast.crt;#双向认证
	access_log /var/log/nginx/menglin1042_access.log;
	error_log /var/log/nginx/menglin1042_error.log;

	#SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
	#error_page 404/404.html;
	#HTTP_TO_HTTPS_START
	if ($server_port !~ 443){
		rewrite ^(/.*)$ https://$host$1 permanent;
	}
	
	#HTTP_TO_HTTPS_END
	ssl_certificate /etc/nginx/ssl_key/server.crt;#配置证书位置
	ssl_certificate_key /etc/nginx/ssl_key/server.key;#配置秘钥位置
	ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
	ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
	ssl_prefer_server_ciphers on;
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 10m;
	error_page 497  https://$host$request_uri;

	location / {
		if (!-e $request_filename) {
			rewrite  ^(.*)$  /index.php?s=/$1  last;
			break;
		}
		#auth_basic "登录认证";
		#auth_basic_user_file /etc/nginx/pass_file;
		#过滤
		#allow 127.0.0.1;
		#deny all;
	}

	#路由跳转
	location ~ htyml{
                rewrite  ^(.*)$  /uPHzGEcadU.php  permanent;
        }
        
	location ~ api.html{
                index api.html;
		#proxy_pass http://127.0.0.1:1080;
	}

	#缓存
#	location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
#		expires      30d;
#		error_log off;
#		access_log /dev/null;
#	}
#	location ~ .*\.(js|css)?$ {
#		expires      12h;
#		error_log off;
#		access_log /dev/null; 
#	}

	#错误页面
	error_page   500 502 503 504  /50x.html;
        error_page   404        /404.html;
        location = /50x.html {
            root   /var/www/nginx/error_nginx;
        }
        location = /404.html {
           root   /var/www/nginx/error_nginx;
        }

	#配置
	location ~ \.php(.*)$ {
		#root;
		#fastcgi_pass   127.0.0.1:9000;
		#fastcgi_index  index.php;

	        fastcgi_index index.php;
		fastcgi_pass  unix:/var/run/php/php7.2-fpm.sock;

	        #为了支持pathinfo 增加如下设置
		#下面两句是给fastcgi权限,可以支持 ?s=/module/controller/action的url访问$
		fastcgi_split_path_info  ^((?U).+\.php)(/?.+)$;
		fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

		#下面两句才能真正支持 index.php/index/index/index的pathinfo模式
		fastcgi_param  PATH_INFO  $fastcgi_path_info;
		fastcgi_param  PATH_TRANSLATED  $document_root$fastcgi_path_info;
		#fastcgi_param PHP_ADMIN_VALUE "open_basedir=$document_root/:/tmp/:/proc/:php执行路径";
		include        fastcgi_params;
    }

   client_max_body_size 50M;
}

你可能感兴趣的:(Linux,nginx,php,linux,fastadmin)