Nginx下https配置

Nginx下https配置相对比较简单，大致如下；‍

# cd /usr/local/webserver/nginx/conf
如下需要输入设置的密码，请牢记，以下的配置中需要此密码；
# openssl genrsa -des3 -out server.key 1024
# openssl req -new -key server.key -out server.csr
# cp server.key server.key.bak
# openssl rsa -in server.key.bak -out server.key
# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
修改nginx的配置文件；
vi /usr/local/webserver/nginx/conf/nginx.conf
添加如下内容；
端口要改成443；
listen 443;
ssl on;
ssl_certificate /usr/local/webserver/nginx/conf/server.crt;
ssl_certificate_key /usr/local/webserver/nginx/conf/server.key;
贴一个完整配置；
server
{
listen 443;
server_name domain.com www.domain.com 1.1.1.1;
index index.html index.htm index.php;
root /home/vhosts/home/domain/httpdocs;
ssl on;
ssl_certificate /usr/local/webserver/nginx/conf/server.crt;
ssl_certificate_key /usr/local/webserver/nginx/conf/server.key;
if (!-f $uri) {
rewrite ^/product/(.*)\.(.*)$ http://download.domain.com/$1.$2 permanent;
}

if ($host != 'www.domain.com' ) {
rewrite ^/(.*)$ http://www.domain.com/$1 permanent;
}

if (!-f $request_filename) {
rewrite ^/product/new-product/(.*)--([0-9]+)\.(.*)$ /product/$1.$3 permanent;
}

include /home/vhosts/home/domain/etc/rewrite.include;

#limit_conn crawler 20;

location ~ /\.ht {
deny all;
}

location /data/domain {
deny all;
}

location /data/txtdb {
deny all;
}

location ~ .*\.(php|php5)?$
{
#fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fcgi.conf;
}

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|ico)$
{
access_log off;
expires 30d;
}

location ~ .*\.(js|css)?$
{
access_log off;
expires 7d;
}

access_log /home/vhosts/home/domain/logs/domain.com_1.1.1.1_access_log access1;
error_log /usr/local/webserver/logs/domain.com_1.1.1.1_error_log error;

}

OK,到此配置完成，重启nginx就可以https访问了！