我安装了让我们encryption我的VPS。 在此之前,页面正常工作,但域后显示“欢迎使用nginx”页面。
我只通过为SSL添加声明来编辑默认值
server { listen 80 default_server; listen [::]:80 default_server; # listen 443; root /var/www/html/public; index index.php index.html index.htm; server_name example.com; location / { try_files $uri $uri/ =404; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/run/php/php7.0-fpm.sock; } location ~ /\.ht { deny all; } location ~ /.well-known { allow all; } return 301 https://$server_name$request_uri; } server { # SSL configuration listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; include snippets/ssl-vrs-factory.net.conf; include snippets/ssl-params.conf; } 什么是坏的? Nginx重启。
如果你使用两个不同的服务器块,你必须configuration两个。
你可以只使用一个服务器块,就像这样,如果你希望你的configuration(根目录等)是相同的http和https:
server { listen 80; listen 443 default_server ssl; // example, set it up as you like. # config }
我邀请你检查官方文件
甚至更好, 你可能试图做的第一个地方是基于return 301行:现在你有一个工作证书,你可以configuration你的现有服务器块的TLS和创build一个新的服务器块redirectHTTP到HTTPS :
server { listen 80; server_name example.com; return 301 https://$server_name$request_uri; } server { listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; include snippets/ssl-vrs-factory.net.conf; include snippets/ssl-params.conf; server_name example.com; # Added this to prevent man in the middle attacks add_header Strict-Transport-Security "max-age=31536000"; root /var/www/html/public; index index.php index.html index.htm; location / { try_files $uri $uri/ =404; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/run/php/php7.0-fpm.sock; } location ~ /\.ht { deny all; } location ~ /.well-known { allow all; } }
为什么我build议使用return 301redirect并添加Strict-Transport-Security头,请阅读更多关于强制实施TLS的好理由 :否则浏览器将不知道您configuration了TLS,混合内容可能会导致问题等。