Question

我刚刚将此网站配置为使用Let的加密证书：https://secureshop.dnd1.com但浏览器栏显示该网站不安全。我在这里做错了什么？

这是我的NGINX配置文件：

server {
    listen 80;
    server_name secureshop.dnd1.com;
    return 301 https://$host$request_uri;
}
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
    #listen 80;

    # SSL configuration
    #
    # listen 443 ssl default_server;
    listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;
    #
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;

    #root /var/www/html;
    root /usr/share/nginx/html/secureshop;

    # Add index.php to the list if you are using PHP
    index index.html index.php index.htm index.nginx-debian.html;

    server_name secureshop.dnd1.com;

    #SSL
    ssl_certificate /etc/letsencrypt/live/secureshop.dnd1.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/secureshop.dnd1.com/privkey.pem;
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;

    # Logs
    access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

    location ~ /.well-known {
                allow all;
        }

    location = /robots.txt {
            auth_basic off;
            allow all;
            log_not_found off;
            access_log off;
        }

    # Gzip Settings
        #gzip on;
        #gzip_disable "msie6";
        #gzip_vary on;
        #gzip_proxied any;
        #gzip_comp_level 1;
        #gzip_buffers 16 8k;
        #gzip_http_version 1.0;
        #gzip_types application/json text/css application/javascript;

        rewrite ^/api/?(.*)$ /webservice/dispatcher.php?url=$1 last;
        rewrite ^/([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$1$2$3.jpg last;
        rewrite ^/([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$1$2$3$4.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg last;
        rewrite ^/c/([0-9]+)(-[.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+.jpg$ /img/c/$1$2$3.jpg last;
        rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+.jpg$ /img/c/$1$2.jpg last;
        rewrite ^/images_ie/?([^/]+).(jpe?g|png|gif)$ /js/jquery/plugins/fancybox/images/$1.$2 last;
        rewrite ^/order$ /index.php?controller=order last;

    # Admin URL   
    location /admin-dev/ {                           #Change this to your admin folder
            if (!-e $request_filename) {
                rewrite ^/.*$ /admin-dev/index.php last; #Change this to your admin folder
            }
        }

    location / {
            if (!-e $request_filename) {
                rewrite ^/.*$ /index.php last;
            }
    }   

#   location / {
#       # First attempt to serve request as file, then
#       # as directory, then fall back to displaying a 404.
#       try_files $uri $uri/ =404;
#   }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
    }

    client_max_body_size 10M;

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #   deny all;
    #}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#   listen 80;
#   listen [::]:80;
#
#   server_name example.com;
#
#   root /var/www/example.com;
#   index index.html;
#
#   location / {
#       try_files $uri $uri/ =404;
#   }
#}

我不明白为什么这个证书使我的网站显示为“不安全”。我还需要做点什么吗？

Answer 1

红色条表示证书是自签名的。可能你没有正确安装let的加密证书。

根据您的系统配置，您可以找到很多关于如何在nginx上手动安装Ssl的教程。

度过愉快的一天，

维拉德

Prestashop + NGINX +让我们加密：SSL在搜索栏中显示为不安全

1 个答案: