- 首先登录 https://freessl.cn/, 填写域名 (免费证书只能填写一个域名, 不能填写多个), 选择亚洲诚信, 可以免费使用一年
- 下一步填写邮箱, 证书类型选择ECC, 验证类型选择文件验证(DNS验证不知为何不好使), CSR生成选择浏览器生成:
- 确认创建, 在网站服务器上临时更改一下nginx配置, 先下载文件, 将文件拷贝到服务器网站根目录的下面目录(需要创建文件夹) : .well-known/pki-validation/fileauth.txt, 确认网站可以访问此文件且记录值一致, 就可以直接点击验证, 验证通过后就可下载证书文件
- 证书文件下载解压后有两个文件, 分别是full_chain.pem和private.key, 将此证书文件夹拷贝到服务器nginx目录: /usr/local/nginx/conf/cert/ (需要创建文件夹cert)。private.key是私钥, 拷贝后建议将其权限设为仅root可读(例如 chmod 600), 并且不要放在网站根目录下
- 配置网站:
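# How nginx talks to PHP FastCGI.
# A Unix socket is faster than TCP, but TCP is more stable under high concurrency.
upstream php {
    server unix:/tmp/php-cgi.sock;
    #server 127.0.0.1:9000;
}

# Plain HTTP: redirect every request to HTTPS.
# $server_name is the first name in server_name, so the redirect target is
# fixed by this config and not taken from the client's Host header.
server {
    listen 80;
    server_name meaninglive.com www.meaninglive.com;
    return 301 https://$server_name$request_uri;
}

# HTTPS site (WordPress behind PHP FastCGI with fastcgi_cache).
server {
    listen 443 ssl;
    charset utf-8;
    server_name meaninglive.com www.meaninglive.com;

    access_log /data/logs/nginx/wordpress_access.log main;
    error_log /data/logs/nginx/wordpress_error.log error;

    index index.html index.htm index.php default.html default.htm default.php;
    root /data/wwwroot/rainingwalk;

    # Relative paths are resolved against the nginx conf directory.
    # private.key must stay outside the web root and be readable only by root.
    ssl_certificate cert/meaninglive.com/full_chain.pem;
    ssl_certificate_key cert/meaninglive.com/private.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and are no longer offered.
    # Append TLSv1.3 once the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;

    # NOTE(review): this list is broad (the AES and HIGH groups also admit
    # non-forward-secret and CBC suites), and if the certificate is ECC the
    # leading ECDHE-RSA suite is never negotiated. Consider narrowing it to
    # ECDHE + AEAD suites after checking which clients must be supported.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers on;

    # 1 means "bypass the FastCGI cache for this request"; see the if blocks below.
    set $skip_cache 0;

    # 301 redirect for the site: requests to linuxde.net are sent to www.linuxde.net
    #if ($host !~ "^www\.linuxde\.net$") {
    #    rewrite ^(.*) http://138.128.212.28$1 permanent;
    #}

    # XML-RPC is blocked entirely.
    location ~ /xmlrpc {
        deny all;
    }

    location /xmlrpc.php {
        deny all;
    }

    # Do not serve cached pages for POST requests or requests with a query string (dynamic queries).
    if ($request_method = POST) {
        set $skip_cache 1;
    }

    if ($query_string != "") {
        set $skip_cache 1;
    }

    # Do not cache the admin area and other specific pages (add more here as needed).
    if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
        set $skip_cache 1;
    }

    # Do not serve cached pages to logged-in users or users who have commented.
    # This keeps one user's personalised page from being cached and shown to another.
    if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
        set $skip_cache 1;
    }

    location / {
        # NOTE(review): no proxy_pass is visible in this location, so these
        # proxy_* directives appear to have no effect here.
        proxy_redirect off;
        proxy_set_header Host $host;
        # This line enables the X-Real-IP header.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Keep these disabled unless a trusted front proxy exists:
        # set_real_ip_from 0.0.0.0/0 would let any client choose the address
        # that ends up in the logs and in allow/deny checks.
        #set_real_ip_from 0.0.0.0/0;
        #real_ip_header X-Forwarded-For;
        #real_ip_recursive on;

        # Custom rewrite rules can be added here (any rules you added earlier go here; otherwise nothing is needed).
        # WordPress rewrite rules
        if (-f $request_filename/index.html){
            rewrite (.*) $1/index.html break;
        }

        if (-f $request_filename/index.php){
            rewrite (.*) $1/index.php;
        }

        if (!-f $request_filename){
            rewrite (.*) /index.php;
        }

        try_files $uri $uri/ /index.php?$args;
        rewrite /wp-admin$ $scheme://$host$uri/ permanent;
    }

    location ~ .*\.(php|php5)?$ {
        #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
        # Only hand a request to PHP when the script file really exists, so a
        # path such as /upload/x.jpg/y.php is not executed as PHP.
        try_files $uri =404;
        include fastcgi.conf;
        fastcgi_intercept_errors on;
        fastcgi_pass php;

        fastcgi_cache_bypass $skip_cache;
        fastcgi_no_cache $skip_cache;
        fastcgi_index index.php;
        add_header X-Cache "$upstream_cache_status From $host";

        # The WORDPRESS zone (fastcgi_cache_path / fastcgi_cache_key) is not
        # defined in this listing; it has to exist in the http context.
        fastcgi_cache WORDPRESS;
        fastcgi_cache_valid 200 301 302 1d;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
    }

    # Cache purge configuration (optional module; see the explanation below).
    # Purging is limited to the server itself: with "allow all" any remote
    # client could evict cached pages at will and push every request to PHP.
    location ~ /purge(/.*) {
        allow 127.0.0.1;
        #allow <your server's real public IP>;
        deny all;
        # NOTE(review): this key must match fastcgi_cache_key, which is not shown here.
        fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1";
    }

    # Static assets: no logging, far-future expiry.
    location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
        access_log off;
        log_not_found off;
        expires max;
    }

    location = /robots.txt {
        access_log off;
        log_not_found off;
    }

    # Deny dot-files and dot-directories (.git, .htaccess, ...).
    # This also matches /.well-known/, so the certificate validation file at
    # .well-known/pki-validation/fileauth.txt is refused while this rule is
    # active; validation or renewal needs a temporary exception.
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }
}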
- 确认443端口没有被占用, 先用 nginx -t 检查配置语法, 然后重启nginx即可