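Key points:
1. Upload the cert directory from the downloaded certificate package to /usr/local (put the nginx and apache certificate files under www.xxx.com.cert/nginx and www.xxx.com.cert/apache respectively).
2. Append proxy_set_header X-Forwarded-Proto $scheme; to the end of /usr/local/nginx/conf/proxy.conf, and add SetEnvIf X-Forwarded-Proto https HTTPS=on to the corresponding Apache site vhost. This fixes $_SERVER['HTTPS'] having no value under LNMPA.
3. HTTPS for multiple sites and domains on one server: follow each provider's SSL certificate installation document, e.g. https://help.aliyun.com/knowledge_detail/48032.html . The logic is simply to add the matching key files to each domain's configuration section.
4. Open httpd.conf in the conf directory under the Apache installation directory, find the following lines and remove the "#":
#LoadModule ssl_module modules/mod_ssl.so   (if this line is missing, check that the openssl module was compiled in)
#Include conf/extra/httpd-ssl.conf
5. Apache's NameVirtualHost *:442 (not needed on newer Apache 2.4) goes into httpd.conf, before Include conf/vhost/*.conf.
The main point is to match up the key files and the reverse-proxy configuration correctly.
Configure the following files in order.
Changes in nginx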
return 301 https://www.xxx.com;
location /
{
    try_files $uri @apache;
}
location @apache
{
    internal;
    proxy_pass https://127.0.0.1:442;
    include proxy.conf;
}
location ~ [^/]\.php(/|$)
{
    proxy_pass https://127.0.0.1:442;
    include proxy.conf;
}
# appended at the end of proxy.conf
proxy_set_header X-Forwarded-Proto $scheme;
www.xxx.com.conf site configuration file. Key point: add the key files.
server {
    listen 80;
    #listen [::]:80;
    server_name xxx.com www.xxx.com;
    return 301 https://www.xxx.com$request_uri;
    #rewrite ^(.*)$ https://$host$1 permanent; # key line: compare carefully how the two redirects differ
    #root /home/wwwroot/www.xxx.com/static; # create a meta redirect in index.html
    # redirect 404 pages to the https home page
    #error_page 404 https://www.xxx.com/;
}
server {
    # "listen 443 ssl" replaces the deprecated "ssl on;" directive
    listen 443 ssl;
    server_name www.xxx.com;
    root /home/wwwroot/www.xxx.com;
    index index.html index.htm index.php;
    #error_page 404 /404.html;
    # Deny access to PHP files in specific directory
    #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
    # paths must match the upload directory from key point 1
    ssl_certificate /usr/local/www.xxx.com.cert/nginx/xxx.com.crt;
    ssl_certificate_key /usr/local/www.xxx.com.cert/nginx/xxx.com.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them unless legacy clients require them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    include proxy-pass-php.conf;
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires 30d;
    }
    location ~ .*\.(js|css)?$
    {
        expires 30d;
    }
    location ~ /\.
    {
        deny all;
    }
    access_log /home/wwwlogs/www.xxx.com.log;
}
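# Do not change the order
server {
    listen 443;
    server_name xxx.com;
    # redirect straight to https so the request never drops back to plain HTTP
    rewrite ^(.*)$ https://www.xxx.com$1 permanent;
}
Changes in apache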
httpd.conf: put NameVirtualHost *:442 (not needed on newer Apache 2.4) in httpd.conf, before Include conf/vhost/*.conf.
conf/extra/httpd-ssl.conf: change the certificate to your own.
Listen 442
# Certificate (public key)
SSLCertificateFile "/usr/local/www.xxx.com.cert/apache/xxx.com.crt"
# Certificate private key
SSLCertificateKeyFile "/usr/local/www.xxx.com.cert/apache/xxx.com.key"
# Certificate chain; if this directive starts with '#', remove the '#'. In practice it can be left unconfigured.
#SSLCertificateChainFile cert/chain.pem
conf/vhost/www.xxx.com.conf: two key points. Match the key files correctly, and add the line SetEnvIf X-Forwarded-Proto https HTTPS=on, which fixes $_SERVER['HTTPS'] having no value under LNMPA.
<VirtualHost *:442>
    ServerAdmin xx@xx.com
    php_admin_value open_basedir "/home/wwwroot/www.xxx.com:/tmp/:/var/tmp/:/proc/"
    DocumentRoot "/home/wwwroot/www.xxx.com"
    ServerName www.xxx.com
    ErrorLog "/home/wwwlogs/www.xxx.com-error_log"
    CustomLog "/home/wwwlogs/www.xxx.com-access_log" combined
    # SSLEngine is off by default; nginx proxies to https://127.0.0.1:442, so this vhost must enable it
    SSLEngine on
    SSLCertificateFile "/usr/local/www.xxx.com.cert/apache/xxx.com.crt"
    SSLCertificateKeyFile "/usr/local/www.xxx.com.cert/apache/xxx.com.key"
    SSLCertificateChainFile "/usr/local/www.xxx.com.cert/apache/chain.crt"
    <Directory "/home/wwwroot/www.xxx.com">
        SetOutputFilter DEFLATE
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
        DirectoryIndex index.html index.php
        SetEnvIf X-Forwarded-Proto https HTTPS=on
    </Directory>
</VirtualHost>
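An added example (not part of the original notes): a small Python check to run over an nginx site file such as www.xxx.com.conf. It flags the deprecated "ssl on" directive, legacy protocol versions in ssl_protocols, and a 443 server that redirects back to http://. The function names (server_blocks, audit) and the sample config are constructed for illustration.

```python
import re

LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # protocol versions that are deprecated

# Constructed sample modelled on the two 443 server blocks of a site file (not a real deployment).
SAMPLE = r"""
server {
    listen 443;
    server_name www.xxx.com;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location ~ /\. { deny all; }
}
server {
    listen 443;
    server_name xxx.com;
    rewrite ^(.*)$ http://www.xxx.com$1 permanent;   # leaves HTTPS for one hop
}
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block, tracking brace depth."""
    text = re.sub(r"#.*", "", conf)  # strip comments (assumes no '#' inside regexes)
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def audit(conf):
    """Return sorted (server_name, finding) pairs for the TLS issues checked here."""
    findings = set()
    for body in server_blocks(conf):
        d = [s.split() for s in re.split(r"[;{}]", body) if s.split()]
        host = next((s[1] for s in d if s[0] == "server_name" and len(s) > 1), "?")
        tls = any(s[0] == "listen" and ("ssl" in s or any(a.endswith("443") for a in s[1:])) for s in d)
        for s in d:
            if s[:2] == ["ssl", "on"]:
                findings.add((host, "deprecated 'ssl on'; use 'listen 443 ssl'"))
            if s[0] == "ssl_protocols":
                findings.update((host, "legacy protocol " + p) for p in s[1:] if p in LEGACY)
            if tls and s[0] in ("rewrite", "return") and any(a.startswith("http://") for a in s[1:]):
                findings.add((host, "HTTPS server redirects to http://"))
    return sorted(findings)

if __name__ == "__main__":
    for host, finding in audit(SAMPLE):
        print(host, "-", finding)
```

To check a real file, pass its contents to audit(); an empty list means none of these three issues was found.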
