【已经解决，配置大家可以参考下】nginx配置

akige

最近忙。后来没去弄这个了。
还是这个帖子。http://www.hostloc.com/thread-446933-3-1.html

大佬您把测试好的配置文件发我就行。你那边建个index.html测试下就行。

请看下上面帖子的需求。 配置文件最好基于军哥的lnmp来改。



这是我的一个配置。老是有问题。


---------------------------------------
追加： 这是我测试后的一个比较满意。容易懂的配置。希望大家能少走弯路。供参考。我用的是301.没用rewrite。

1. 
   
2. 
   
3. 
   
4. server {
   
5.     listen 80;
   
6.     server_name xxx.com www.xxx.com;
   
7.     return 301 https://www.xxx.com$request_uri;
   
8.         #rewrite ^(.*)$ https://www.xxx.com$1 permanent;
   
9. }
   
10. 
    
11. server {
    
12.         listen 443 ssl http2;
    
13.         ssl_certificate /etc/letsencrypt/live/xxx.com/fullchain.pem;
    
14.     ssl_certificate_key /etc/letsencrypt/live/xxx.com/privkey.pem;
    
15.     server_name xxx.com;
    
16.     return 301 https://www.xxx.com$request_uri;
    
17.         #rewrite ^(.*)$ https://www.xxx.com$1 permanent;
    
18. }
    
19. 
    
20. 
    
21. 
    
22. server
    
23.     {
    
24.         listen 443 ssl http2;
    
25.         #listen [::]:443 ssl http2;
    
26.         server_name www.xxx.com ;
    
27.         index index.html index.htm index.php default.html default.htm default.php;
    
28.         root  /home/wwwroot/www.xxx.com;
    
29.         ssl on;
    
30.         ssl_certificate /etc/letsencrypt/live/www.xxx.com/fullchain.pem;
    
31.         ssl_certificate_key /etc/letsencrypt/live/www.xxx.com/privkey.pem;
    
32.         ssl_session_timeout 5m;
    
33.         ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    
34.         ssl_prefer_server_ciphers on;
    
35.         ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
    
36.         ssl_session_cache builtin:1000 shared:SSL:10m;
    
37.         # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
    
38.         ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
    
39. 
    
40.        
    
41.         include other.conf;
    
42.         #error_page   404   /404.html;
    
43. 
    
44.         # Deny access to PHP files in specific directory
    
45.         #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
    
46. 
    
47.         include enable-php.conf;
    
48.                
    
49.         location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    
50.         {
    
51.             expires      30d;
    
52.         }
    
53. 
    
54.         location ~ .*\.(js|css)?$
    
55.         {
    
56.             expires      12h;
    
57.         }
    
58. 
    
59.         location ~ /.well-known {
    
60.             allow all;
    
61.         }
    
62. 
    
63.         location ~ /\.
    
64.         {
    
65.             deny all;
    
66.         }
    
67. 
    
68.         access_log  /home/wwwlogs/www.xxx.com.log;
    
69.     }
    
70. 
    
71. 
    

复制代码

flyqie

宝塔默认的http跳https规则直接拿来用不行吗？

蓝洛水深

帮你顶一下，希望大佬帮你

ninqq

不带www的 dns那里设置301 nginx这里就做个跳https不就好了

每次醒来

server {
    listen 80;
    server_name xxx.com www.xxx.com;
    return 301 https://www.xxx.com$request_uri;
}
server {
    listen 443 ssl;
    ssl_certificate  /home/ssl/www.xxx.com/www.xxx.com.crt;
    ssl_certificate_key  /home/ssl/www.xxx.com/www.xxx.com.key;
    server_name xxx.com;
    return 301 https://www.xxx.com$request_uri;
}
server
    {
listen 443 ssl http2;
ssl on;
ssl_certificate /home/ssl/www.xxx.com/www.xxx.com.crt;
ssl_certificate_key /home/ssl/www.xxx.com/www.xxx.com.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict–Transport–Security “max-age=31536000”;
        #listen [::]:80;
        server_name www.xxx.com;
        index index.html index.htm index.php default.html default.htm default.php;
        root  /home/wwwroot/www.xxx.com;

wuxudd

server
    {
        listen 80;
        listen 443 ssl;
         ssl_certificate /etc/letsencrypt/live/www.xxx.com/fullchain.pem;
         ssl_certificate_key /etc/letsencrypt/live/www.xxx.com/privkey.pem;#证书路径自己改
                server_name xxx.com ;
                return 301 http://www.xxx.com$request_uri;
    }

server
    {
        listen 80;
        listen 443 ssl http2;
        server_name www.xxx.com ;
        index index.html index.htm index.php default.html default.htm default.php;
        root  /home/wwwroot/www.xxx.com;
      
    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }

        ssl on;
        ssl_certificate /etc/letsencrypt/live/www.xxx.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/www.xxx.com/privkey.pem;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
        ssl_session_cache builtin:1000 shared:SSL:10m;
        # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
        ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;


        include other.conf;
        #error_page   404   /404.html;

        # Deny access to PHP files in specific directory
        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

        include enable-php.conf;
               
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\.
        {
            deny all;
        }

        access_log  /home/wwwlogs/www.xxx.com.log;
    }

初缘Cvps小站

直接上宝塔不好吗？？

akige

黑街天祖 发表于 2018-5-27 18:44

www.xxx.com是不会跳的。 你这个。我已经修改。请参考以下我的。谢谢回复！

南琴浪

踏马在逗我？
return 301 和 rewrite 不都是 301 ？

（虽然 rewrite 有 4 种 flag