首页
导航
博客
电子书
算法
众创
代码
随贴
关于我们
您好,欢迎来到码863代码分享网! 请
[登录]
/
[注册]
搜 索
标题:
*
140
字
TAG标签:
(用空格隔开)
30
字
恢复历史版本:
请选择分类
html
python
javascript
php
sql
c
c++
c#
java
plain
所有人可见
仅自己可见
编辑器:UEditor
编辑器:TinyMCE
编辑器:Editor.md
HTML转MD
HTML转MD2
<p>要点:<br/></p><p> 1,下载证书里说cert上传到/usr/local (分别把nginx与apache上传到www.xxx.com.cert/nginx与www.xxx.com.cert/apache下)</p><p> 2,在 /usr/local/nginx/conf/proxy.conf 最后面加上 proxy_set_header X-Forwarded-Proto $scheme; 在对应apache站点vhost中加入SetEnvIf X-Forwarded-Proto https HTTPS=on 解决lnmpa中$_SERVER['HTTPS']无值问题<br/></p><p> 4,服务器多站点多域名HTTPS实现 分别参考各服务商ssl证书安装文档<a href="https://help.aliyun.com/knowledge_detail/48032.html" _src="https://help.aliyun.com/knowledge_detail/48032.html">https://help.aliyun.com/knowledge_detail/48032.html</a> ,逻辑就是各域名配置段上加上相应密匙</p><p> 5,打开 apache 安装目录下 conf 目录中的 httpd.conf 文件,找到以下内容并去掉“#” </p><pre class="brush:plain;toolbar:false">#LoadModule ssl_module modules/mod_ssl.so (如果找不到请确认是否编译过 openssl 插件) #Include conf/extra/httpd-ssl.conf</pre><p> 5,apache的NameVirtualHost *:442(高版本apache2.4不用) 放入httpd.conf Include conf/vhost/*.conf 前面 </p><p><br/></p><p><strong><span style="font-size: 18px;">主要要点是对应好密匙文件与反向代理的配置</span></strong></p><p><br/></p><p><span style="font-size: 24px;">依次配置以下文件</span></p><p>nginx中修改</p><h5 class="margin-top" style="box-sizing: border-box; font-family: " helvetica="" luxi="" dejavu="" hiragino="" sans="" microsoft="" font-weight:="" line-height:="" color:="" margin-top:="" margin-bottom:="" font-size:="" white-space:="" background-color:="">nginx.conf 在默认主机server中加上return 301 <a href="https://www.xxx.com;" target="_self" textvalue="https://www.xxx.com;">https://www.xxx.com;</a>为了让ip地址跳转到自己网站</h5><pre class="brush:plain;toolbar:false">return 301 https://www.xxx.com;</pre><p><br/></p><h5 class="margin-top" style="white-space: normal; box-sizing: border-box; font-family: " helvetica="" luxi="" dejavu="" hiragino="" sans="" microsoft="" font-weight:="" line-height:="" color:="" margin-top:="" margin-bottom:="" font-size:="" background-color:=""><span style="font-family: sans-serif; font-size: 16px;">proxy-pass-php.conf 注意442 因nginx占用了443 apache改用442端口,让nginx把php处理反向代理给apache</span></h5><pre class="brush:plain;toolbar:false">location / { try_files $uri @apache; } location @apache { internal; proxy_pass https://127.0.0.1:442; include proxy.conf; } location ~ [^/]\.php(/|$) { proxy_pass https://127.0.0.1:442; include proxy.conf; }</pre><h5 class="margin-top" style="white-space: normal; box-sizing: border-box; font-family: " helvetica="" luxi="" dejavu="" hiragino="" sans="" microsoft="" font-weight:="" line-height:="" color:="" margin-top:="" margin-bottom:="" font-size:="" background-color:=""> <span style="font-family: sans-serif; font-size: 16px;">proxy.conf 最后加一行proxy_set_header X-Forwarded-Proto $scheme; 新版lnmp.org已加上</span></h5><pre class="brush:plain;toolbar:false">proxy_set_header X-Forwarded-Proto $scheme;</pre><p><span style="font-family: sans-serif; font-size: 16px;"></span><br/></p><p><a href="http://www.xxx.com.conf" _src="http://www.xxx.com.conf">www.xxx.com.conf</a> 站点配置文件 重点 加密匙文件 </p><pre class="brush:plain;toolbar:false">server{ listen 80; #listen [::]:80; server_name xxx.com www.xxx.com; return 301 https://www.xxx.com$request_uri; #rewrite ^(.*)$ https://$host$1 permanent; #关键代码仔细比较两者的跳转的区别 #root /home/wwwroot/www.xxx.com/static; #index.html建个meta的跳转 #将404的页面重定向到https的首页 #error_page 404 https://www.xxx.com/; } server{ listen 443; server_name www.xxx.com; root /home/wwwroot/www.xxx.com; index index.html index.htm index.php; #error_page 404 /404.html; # Deny access to PHP files in specific directory #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; } ssl on; ssl_certificate /usr/local/www.xxx.com.cert/nignx/xxx.com.crt; ssl_certificate_key /usr/local/www.xxx.com.cert/nignx/xxx.com.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; include proxy-pass-php.conf; location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 30d; } location ~ .*\.(js|css)?$ { expires 30d; } location ~ /\. { deny all; } access_log /home/wwwlogs/www.xxx.com.log; } #顺序不要错 server { listen 443; server_name xxx.com; rewrite ^(.*)$ http://www.xxx.com$1 permanent; }</pre><p><br/></p><p>apache修改</p><p>httpd.conf 把NameVirtualHost *:442(高版本apache2.4不用) 放入httpd.conf Include conf/vhost/*.conf 前面</p><p><br/></p><p>conf/extra/httpd-ssl.conf 把证书修改成自己的 </p><pre class="brush:plain;toolbar:false">Listen 442 # 证书公钥配置 SSLCertificateFile "/usr/local/www.xxx.com.cert/apache/xxx.com.crt" # 证书私钥配置 SSLCertificateKeyFile "/usr/local/www.91dmy.com.cert/apache/xxx.com.key" # 证书链配置,如果该属性开头有 '#'字符,请删除掉 实际中可以不配置 #SSLCertificateChainFile cert/chain.pem</pre><p>conf/vhost/<a href="http://www.xxx.com.conf" _src="http://www.xxx.com.conf">www.xxx.com.conf</a> 重点两点 加密匙文件对应好与加一行SetEnvIf X-Forwarded-Proto https HTTPS=on 解决lnmpa中$_SERVER['HTTPS']无值问题</p><pre class="brush:plain;toolbar:false"><VirtualHost *:442> ServerAdmin xx@xx.com php_admin_value open_basedir "/home/wwwroot/www.xxx.com:/tmp/:/var/tmp/:/proc/" DocumentRoot "/home/wwwroot/www.xxx.com" ServerName www.xxx.com ErrorLog "/home/wwwlogs/www.xxx.com-error_log" CustomLog "/home/wwwlogs/www.xxx.com-access_log" combined SSLCertificateFile "/usr/local/www.xxx.com.cert/apache/xxx.com.crt" SSLCertificateKeyFile "/usr/local/www.xxx.com.cert/apache/xxx.com.key" SSLCertificateChainFile "/usr/local/www.xxx.com.cert/apache/chain.crt" <Directory "/home/wwwroot/www.xxx.com"> SetOutputFilter DEFLATE Options FollowSymLinks AllowOverride All Order allow,deny Allow from all DirectoryIndex index.html index.php SetEnvIf X-Forwarded-Proto https HTTPS=on </Directory> </VirtualHost></pre><p><br/></p>
CopyRight 2002~2023 精通2100网 联系邮箱:qqtxt@163.com
版权所有:精通2100网
湘ICP备2023018646号-1
MYSQl共执行 4 个查询,用时 0.002086877822876 秒,PHP脚本用时 0.004351 秒,占用内存 0.542 MB,Gzip 已启用
