我一直在研究SSL的东西,并从4个教程得到无处…我已经买了一个SSL的pingrglobe.com,现在试图将其应用到我的服务器。 这是我的nginx代码:
http { server { listen 80; server_name pingrglobe.com; rewrite ^(.*) http://www.pingrglobe.com$1 permanent; } server { listen 443; ssl on; ssl_certificate /etc/nginx/ssl/pingrglobe.crt; ssl_certificate_key /etc/nginx/ssl/pingrglobe.key; #enables SSLv3/TLSv1, but not SSLv2 which is weak and should no longer be used. ssl_protocols SSLv3 TLSv1; #Disables all weak ciphers ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM; server_name www.pingrglobe.com; root /var/www/pingrglobe.com; index index.html index.php; location / { try_files $uri $uri/ @extensionless-php; add_header Access-Control-Allow-Origin *; } rewrite ^/blog/blogpost/(.+)$ /blog/blogpost?post=$1 last; rewrite ^/viewticket/(.+)/(.*)$ /viewticket?tid=$1&$2 last; rewrite ^/vemail/(.+)$ /vemail?eid=$1 last; rewrite ^/serversettings/(.+)$ /serversettings?srvid=$1 last; rewrite ^/notification/(.+)$ /notification?id=$1 last; rewrite ^/viewreport/(.+)$ /viewreport?srvid=$1 last; rewrite ^/removeserver/(.+)$ /removeserver?srvid=$1 last; rewrite ^/staffviewticket/(.+)/(.*)$ /staffviewticket?tid=$1&$2 last; rewrite ^/activate/(.*)/(.*)/(.*)$ /activate?user=$1&code=$2&email=$3 last; rewrite ^/activate2/(.*)/(.*)/(.*)$ /activate2?user=$1&code=$2&email=$3 last; rewrite ^/passwordtoken/(.+)/(.*)/(.*)$ /passwordtoken?user=$1&token=$2&email=$3 last; location ~ \.php$ { try_files $uri =404; fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } location @extensionless-php { rewrite ^(.*)$ $1.php last; } location ~ /\. { deny all; } } } 如下所示,SSL不起作用: https : //www.pingrglobe.com
如果你仍然无法reload用你的现有完整文件内容replace下面的内容来报告nginx -t含义。
# Redirect ALL non-https traffic to https server { server_name pingrglobe.com *.pingrglobe.com; return 301 https://$server_name$request_uri; } # Redirect www to non-www server { listen 443 ssl; server_name www.pingrglobe.com; return 301 $scheme://pingrglobe.com$request_uri; } server { listen 443 ssl; server_name pingrglobe.com; ssl_certificate ssl/pingrglobe.crt; ssl_certificate_key ssl/pingrglobe.key; ssl_protocols SSLv3 TLSv1; ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM; root /var/www/pingrglobe.com; index index.php index.html; location / { location ~ /\. { return 403; } add_header Access-Control-Allow-Origin *; rewrite ^/blog/blogpost/(.+)$ /blog/blogpost?post=$1 last; rewrite ^/viewticket/(.+)/(.*)$ /viewticket?tid=$1&$2 last; rewrite ^/vemail/(.+)$ /vemail?eid=$1 last; rewrite ^/serversettings/(.+)$ /serversettings?srvid=$1 last; rewrite ^/notification/(.+)$ /notification?id=$1 last; rewrite ^/viewreport/(.+)$ /viewreport?srvid=$1 last; rewrite ^/removeserver/(.+)$ /removeserver?srvid=$1 last; rewrite ^/staffviewticket/(.+)/(.*)$ /staffviewticket?tid=$1&$2 last; rewrite ^/activate/(.*)/(.*)/(.*)$ /activate?user=$1&code=$2&email=$3 last; rewrite ^/activate2/(.*)/(.*)/(.*)$ /activate2?user=$1&code=$2&email=$3 last; rewrite ^/passwordtoken/(.+)/(.*)/(.*)$ /passwordtoken?user=$1&token=$2&email=$3 last; location ~ \.php$ { include fastcgi_params; fastcgi_index index.php; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_pass unix:/var/run/php5-fpm.sock; try_files $uri =404; } try_files $uri $uri/ @extensionless-php; } # The try_files directive in the php block mitigates security risks. location @extensionless-php { rewrite ^(.*)$ $1.php last; } }
我遇到过同样的问题。 以下是为我工作的。
在Nginx的订购版本中,http {}指令是默认的一部分,它包含了默认的server {}指令。
在较新的版本中,http伪指令位于自己的文件中,名为nginx.conf,它包含所有已经链接到位于已启用站点/
大多数教程声明(或暗示)你应该在虚拟主机文件中创build一个http块,并将ssl指令放在其中。 但是,这会导致vhost中的http指令被包含在nginx.conf中的http指令中,并引发错误: "http" directive is not allowed here
(或者,如果您之前有其他命令,则not allowed here出现错误。)
解决方法是直接在nginx.conf中包含SSL指令,而不是在vhost文件中创build一个新的http指令。