How to configure Nginx to serve HTTPS only

Time: 2017-11-24 13:35:15

Tags: nginx lets-encrypt

I am new to the web server world. I want my site to be served over https only (for both IPv4 and IPv6), so I carried out the following steps:

  1. Installed letsencrypt.
  2. Installed certbot with the Nginx plugin.
  3. Created the certificate using the command

    sudo certbot --nginx certonly -d maarath.com -d www.maarath.com

  4. Manually configured my site's config file in etc/nginx/site-available/main as shown below:

    server {
            listen 80  ;
            listen [::]:80  ;
            root /var/www/main/;
            index index.php index.html index.htm;
            # Make site accessible from http://localhost/
            server_name maarath.com www.maarath.com;
            location / {
                    try_files $uri $uri/ =404;
            }
    
    # HTTPS
    
        listen              443 ssl;
        server_name       maarath.com  www.maarath.com;
        ssl_certificate     /etc/letsencrypt/live/maarath.com/cert.pem;
        ssl_certificate_key /etc/letsencrypt/live/maarath.com/privkey.pem;
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers         HIGH:!aNULL:!MD5;
    
    
    
    
            location ~ \.php$ {
                    try_files $uri =404;
                    fastcgi_split_path_info ^(.+\.php)(/.+)$;
                    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
                    fastcgi_index index.php;
                    include fastcgi.conf;
            }
            #deny access to .htaccess files, if Apache's document root
            #concurs with nginx's one
            location ~ /\.ht {
    
            }
    }
    
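  5. Ran the command nginx -t, with no problems.
  6. Restarted nginx.
  7. The problem is that my site is still not secure after completing all of the steps above. Did I miss something or do something wrong? Any help would be appreciated.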

2 answers:

Answer 0 (score: 2)

First off, I believe your config is missing the second `server {` under `# HTTPS`.

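To get this straight: does your site https://maarath.com throw an SSL error? Because from my end it works perfectly fine. Or do you mean that http is not being redirected to https?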

If that is the case, add

    return 301 https://maarath.com$request_uri;

to your first server block, right above

    server_name ...

This automatically redirects all requests from http to https.

Answer 1 (score: 1)

As NullDev said, I just want to add the new working config file, in the hope that it helps others.

    server {
        listen 80;
        listen [::]:80;
        server_name maarath.com www.maarath.com;

        # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
        return 301 https://$host$request_uri;
    }

    server {
        # HTTPS
        listen 443 ssl;
        listen [::]:443 ssl;
        root /var/www/main/;
        index index.php index.html index.htm;
        server_name maarath.com www.maarath.com;

        ssl_certificate     /etc/letsencrypt/live/maarath.com/cert.pem;
        ssl_certificate_key /etc/letsencrypt/live/maarath.com/privkey.pem;
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers         HIGH:!aNULL:!MD5;

        location / {
            try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
            fastcgi_index index.php;
            include fastcgi.conf;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        location ~ /\.ht {
            deny all;
        }
    }
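
An added example, not part of either answer: a small Python check that reads an nginx configuration and reports every server block that still accepts plain HTTP without a server-level redirect to https://, which is the gap in the question's config. The function names and both sample configs are constructed for illustration, and the parser assumes no `{`, `}`, `;` or `#` inside quoted values.

```python
import re

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, comments removed."""
    conf = re.sub(r"#[^\n]*", "", conf)
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:          # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directives(body):
    """Split a block body into its own directives, skipping nested blocks."""
    out, depth = [], 0
    for ch in body:
        if ch == "{":
            out.append(";" if depth == 0 else "")   # terminate the block header
            depth += 1
        elif ch == "}":
            depth -= 1
        elif depth == 0:
            out.append(ch)
    return [d.split() for d in "".join(out).split(";") if d.strip()]

def http_served_without_redirect(conf):
    """Return (block index, plaintext listen addresses) for unredirected HTTP."""
    findings = []
    for n, body in enumerate(server_blocks(conf)):
        d = directives(body)
        plain = [x[1] for x in d if x[0] == "listen" and len(x) > 1 and "ssl" not in x]
        redirected = any(x[0] == "return" and len(x) == 3 and x[2].startswith("https://")
                         and x[1] in ("301", "302", "307", "308") for x in d)
        if plain and not redirected:
            findings.append((n, plain))
    return findings

# Constructed samples: the question's mixed block, then the split two-block layout.
MIXED = """server {
    listen 80; listen [::]:80; listen 443 ssl;
    location / { try_files $uri $uri/ =404; }
}"""
SPLIT = """server {
    listen 80; listen [::]:80;
    return 301 https://$host$request_uri;   # HTTP only redirects
}
server {
    listen 443 ssl; listen [::]:443 ssl; root /var/www/main/;
}"""
```

Running `http_served_without_redirect` over the text of a site file flags the mixed block from the question and returns an empty list for the split layout.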