nginx 配置ssl证书

1 在服务商获取证书,解压后拿到

uikid.com.crt 
uikid.com.key

2 进入目录 /usr/local/nginx/conf/,创建文件夹cert,将文件上传到此目录

cd /usr/local/nginx/conf && mkdir cert

3 配置nginx

server {
  listen 443 ssl;
  server_name uikid.com;
  root  /you/data/url;

  ssl_certificate  cert/uikid.com.crt;
  ssl_certificate_key cert/uikid.com.key;
  ssl_session_timeout 5m;
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;

  access_log    /var/log/access.log;
  error_log     /var/log/error.log;

  location / {
     try_files $uri $uri/ /index.php?$args;
     index index.php;
     autoindex on;
  }

  #proxy the php scripts to php-fpm
  location ~ \.php(.*)$ {
    try_files $uri = 404;
    #fastcgi_pass  127.0.0.1:9000;
    fastcgi_pass unix:/tmp/php-cgi.sock;
    fastcgi_index index.php;
    fastcgi_split_path_info  ^((?U).+\.php)(/?.+)$;
    fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    fastcgi_param  PATH_INFO  $fastcgi_path_info;
    fastcgi_param  PATH_TRANSLATED  $document_root$fastcgi_path_info;
    include fastcgi_params;
  }
}

4 处理http转https 在原有配置文件下添加

rewrite ^(.*)$ https://$host$1 permanent; #重定向到https

server {
  listen 80;
  server_name uikid.com;
  root  /you/data/url;
  rewrite ^(.*)$ https://$host$1 permanent; #重定向到https

  #access_log    /var/log/access.log;
  #error_log     /var/log/error.log;

  location / {
     try_files $uri $uri/ /index.php?$args;
     index index.php;
     autoindex on;
  }

  #proxy the php scripts to php-fpm
  location ~ \.php(.*)$ {
    try_files $uri = 404;
    #fastcgi_pass  127.0.0.1:9000;
    fastcgi_pass unix:/tmp/php-cgi.sock;
    fastcgi_index index.php;
    fastcgi_split_path_info  ^((?U).+\.php)(/?.+)$;
    fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    fastcgi_param  PATH_INFO  $fastcgi_path_info;
    fastcgi_param  PATH_TRANSLATED  $document_root$fastcgi_path_info;
    include fastcgi_params;
  }
}